All the vulnerabilities related to Oracle - WebLogic Server
var-200904-0422
Vulnerability from variot

Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors. The remainder of this description is the text of US-CERT alert TA09-105A, which covers the whole April 2009 update; its impact and exposure statements apply to the 43 vulnerabilities as a set, not to this issue (CVE-2009-1001) specifically. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, and Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

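IV. References

* Oracle Critical Patch Update Advisory - April 2009 - <http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html>
* Critical Patch Updates and Security Alerts - <http://www.oracle.com/technology/deploy/security/alerts.htm>
* Map of Public Vulnerability to Advisory/Alert - <http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html>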


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-105A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.


For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


Produced 2009 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

April 15, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0422",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "8.1"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1 gold to  sp6"
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1001"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo Joxean Koret   joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1001",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-1001",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1001",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-319",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. The impacts of these vulnerabilities include\n   remote execution of arbitrary code, information disclosure, and\n   denial of service. \n\n\nI. Description\n\n   The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n   vulnerabilities in various Oracle products and components. The\n   document provides information about affected components, access and\n   authorization required for successful exploitation, and the impact\n   from the vulnerabilities on data confidentiality, integrity, and\n   availability. \n   \n   Oracle has associated CVE identifiers with the vulnerabilities\n   addressed in this Critical Patch Update. If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. \n\n\nIII. 
Solution\n\n   Apply the appropriate patches or upgrade as specified in the Oracle\n   Critical Patch Update Advisory - April 2009. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n   \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n   \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n   \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. 
\n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1001",
        "trust": 2.7
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1022059",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "53767",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "50053",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ]
  },
  "id": "VAR-200904-0422",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2023-12-18T11:50:30.558000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update Advisory - April 2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1001"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/53767"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1022059"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50053"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1001"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1001"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/50053"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-04-15T10:30:00.827000",
        "db": "NVD",
        "id": "CVE-2009-1001"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      },
      {
        "date": "2017-08-17T01:30:08.803000",
        "db": "NVD",
        "id": "CVE-2009-1001"
      },
      {
        "date": "2009-05-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle BEA WebLogic Portal Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004533"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-319"
      }
    ],
    "trust": 0.6
  }
}

var-200904-0421
Vulnerability from variot

The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, and Oracle JRockit.

----------------------------------------------------------------------


For more information see vulnerability #6 through #9 in: SA34693

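SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details.

Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125.

(Note: the SOLUTION and "Fixed in" lines above name Good Messaging Server for Exchange and appear to come from a separate Secunia advisory that was merged into this entry. They do not describe a fix for the E-Business Suite default-password issue; the remediation this entry gives for that issue is the Oracle Critical Patch Update - April 2009, under "III. Solution" below.)

The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.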

I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

IV. References


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-105A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.




Produced 2009 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

April 15, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system.

1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.

2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".

The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.

PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint; 2, 3) Alexander Kornbrust of Red Database Security

The vendor also credits: Joshua J. Drake of iDefense; Gerhard Eschelbeck of Qualys, Inc.; Esteban Martinez Fayo of Application Security, Inc.; Franz Huell of Red Database Security; Mike Janowski of Neohapsis, Inc.; Joxean Koret; David Litchfield of NGS Software; Tanel Poder; Sven Vetter of Trivadis; Dennis Yurichev

ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/

Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.


Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0421",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "11i10cu2"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.0.6 and  11i10cu2"
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:11i10cu2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:12.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1000"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo Joxean Koret   joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1000",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-1000",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1000",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-318",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified \"FND Applications Users (not DB users),\" which has unknown impact and attack vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n   remote execution of arbitrary code, information disclosure, and\n   denial of service. \n\n\nI. Description\n\n   The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n   vulnerabilities in various Oracle products and components. The\n   document provides information about affected components, access and\n   authorization required for successful exploitation, and the impact\n   from the vulnerabilities on data confidentiality, integrity, and\n   availability. \n   \n   Oracle has associated CVE identifiers with the vulnerabilities\n   addressed in this Critical Patch Update. 
If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. \n\n\nIII. Solution\n\n   Apply the appropriate patches or upgrade as specified in the Oracle\n   Critical Patch Update Advisory - April 2009. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n   \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n   \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n   \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. 
\n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people  compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". 
\n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1000"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1000",
        "trust": 2.7
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "34693",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "53755",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1022056",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.4
      },
      {
        "db": "SECUNIA",
        "id": "35135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77574",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76704",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ]
  },
  "id": "VAR-200904-0421",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2023-12-18T10:46:56.222000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update Advisory - April 2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1000"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/53755"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/34693"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1022056"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1000"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1000"
      },
      {
        "trust": 0.4,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/34693/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35135/"
      },
      {
        "trust": 0.1,
        "url": "http://www.good.com/faq/18431.html"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "date": "2009-05-18T15:35:49",
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-04-15T15:08:54",
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "date": "2009-04-15T10:30:00.813000",
        "db": "NVD",
        "id": "CVE-2009-1000"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      },
      {
        "date": "2012-10-23T03:04:29.523000",
        "db": "NVD",
        "id": "CVE-2009-1000"
      },
      {
        "date": "2009-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle E-Business Suite of  Oracle Applications Framework Component vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004532"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-318"
      }
    ],
    "trust": 0.6
  }
}

var-200904-0420
Vulnerability from variot

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, and Oracle JRockit.

----------------------------------------------------------------------


For more information see vulnerability #6 through #9 in: SA34693

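SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details.

Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. (Note: this solution and fix information names Good Messaging Server for Exchange, not the Oracle E-Business Suite issue described above; for the Oracle products, see section III, Solution, below.)

The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.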

I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

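IV. References

 * Oracle Critical Patch Update Advisory - April 2009 -
   <http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html>

 * Critical Patch Updates and Security Alerts -
   <http://www.oracle.com/technology/deploy/security/alerts.htm>

 * Map of Public Vulnerability to Advisory/Alert -
   <http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html>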


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-105A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.




Produced 2009 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

April 15, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008.

Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system.

1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.

2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".

The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.

PROVIDED AND/OR DISCOVERED BY:
1) Joxean Koret of TippingPoint
2, 3) Alexander Kornbrust of Red Database Security

The vendor also credits:
* Joshua J. Drake of iDefense
* Gerhard Eschelbeck of Qualys, Inc.
* Esteban Martinez Fayo of Application Security, Inc.
* Franz Huell of Red Database Security
* Mike Janowski of Neohapsis, Inc.
* Joxean Koret
* David Litchfield of NGS Software
* Tanel Poder
* Sven Vetter of Trivadis
* Dennis Yurichev

ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/

Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html


About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.


Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0420",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:12.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0999"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo Joxean Koret   joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-0999",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-0999",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-0999",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-317",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n   remote execution of arbitrary code, information disclosure, and\n   denial of service. \n\n\nI. Description\n\n   The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n   vulnerabilities in various Oracle products and components. \n   \n   Oracle has associated CVE identifiers with the vulnerabilities\n   addressed in this Critical Patch Update. If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. 
Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. \n\n\nIII. Solution\n\n   Apply the appropriate patches or upgrade as specified in the Oracle\n   Critical Patch Update Advisory - April 2009. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n   \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n   \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n   \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. 
\n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people  compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0999",
        "trust": 2.7
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "34693",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "53753",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1022056",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.4
      },
      {
        "db": "SECUNIA",
        "id": "35135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77574",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76704",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ]
  },
  "id": "VAR-200904-0420",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2023-12-18T10:43:33.017000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update Advisory - April 2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0999"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/53753"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/34693"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1022056"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0999"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0999"
      },
      {
        "trust": 0.4,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/34693/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35135/"
      },
      {
        "trust": 0.1,
        "url": "http://www.good.com/faq/18431.html"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      },
      {
        "date": "2009-05-18T15:35:49",
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-04-15T15:08:54",
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "date": "2009-04-15T10:30:00.797000",
        "db": "NVD",
        "id": "CVE-2009-0999"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      },
      {
        "date": "2012-10-23T03:04:29.337000",
        "db": "NVD",
        "id": "CVE-2009-0999"
      },
      {
        "date": "2009-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities in the Oracle Application Object Library component of Oracle E-Business Suite",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004531"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-317"
      }
    ],
    "trust": 0.6
  }
}

var-200904-0423
Vulnerability from variot

Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 Gold through MP1, 9.2 Gold through MP3, 9.1, 9.0, 8.1 Gold through SP6, and 7.0 Gold through SP7 allows remote attackers to gain privileges via unknown vectors. The text that follows is the general US-CERT alert TA09-105A, which describes the April 2009 patch update as a whole rather than this vulnerability alone. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, and Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

IV. References


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-105A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.


For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


Produced 2009 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

April 15, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0423",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "8.1"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "10.0"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.0 mp1"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "7.0 sp7"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1 sp6"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2 mp3"
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1002"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo, Joxean Koret joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1002",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-1002",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1002",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-320",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 Gold through MP1, 9.2 Gold through MP3, 9.1, 9.0, 8.1 Gold through SP6, and 7.0 Gold through SP7 allows remote attackers to gain privileges via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. The impacts of these vulnerabilities include\n   remote execution of arbitrary code, information disclosure, and\n   denial of service. \n\n\nI. Description\n\n   The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n   vulnerabilities in various Oracle products and components. The\n   document provides information about affected components, access and\n   authorization required for successful exploitation, and the impact\n   from the vulnerabilities on data confidentiality, integrity, and\n   availability. \n   \n   Oracle has associated CVE identifiers with the vulnerabilities\n   addressed in this Critical Patch Update. If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. 
\n\n\nIII. Solution\n\n   Apply the appropriate patches or upgrade as specified in the Oracle\n   Critical Patch Update Advisory - April 2009. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n   \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n   \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n   \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. 
\n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1002",
        "trust": 2.7
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1022059",
        "trust": 2.4
      },
      {
        "db": "XF",
        "id": "50052",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.3
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1042",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "2",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ]
  },
  "id": "VAR-200904-0423",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2023-12-18T11:14:33.475000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cpuapr2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "title": "1002",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "title": "090417_86",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
      },
      {
        "title": "TA09-105A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1002"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securitytracker.com/id?1022059"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/50052"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50052"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1002"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-105a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1002"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2009/1042"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-04-15T10:30:00.860000",
        "db": "NVD",
        "id": "CVE-2009-1002"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      },
      {
        "date": "2017-08-17T01:30:08.867000",
        "db": "NVD",
        "id": "CVE-2009-1002"
      },
      {
        "date": "2009-05-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BEA Product Suite of  WebLogic Server Elevation of privilege vulnerability in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001250"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-320"
      }
    ],
    "trust": 0.6
  }
}

var-200904-0418
Vulnerability from variot

Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. ----------------------------------------------------------------------


For more information see vulnerability #6 through #9 in: SA34693

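SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details. (This step appears to come from a separate advisory merged into this entry, the one covering Good Messaging Server for Exchange named in the next paragraph; for the Oracle issue described above, the remediation is the patch guidance under "III. Solution".)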

Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

IV. References


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-105A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.


For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


Produced 2009 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

April 15, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system.

1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.

2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.

PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint; 2, 3) Alexander Kornbrust of Red Database Security

The vendor also credits: Joshua J. Drake of iDefense; Gerhard Eschelbeck of Qualys, Inc.; Esteban Martinez Fayo of Application Security, Inc.; Franz Huell of Red Database Security; Mike Janowski of Neohapsis, Inc.; Joxean Koret; David Litchfield of NGS Software; Tanel Poder; Sven Vetter of Trivadis; Dennis Yurichev.

ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/

Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0418",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "11.1.0.6"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.1.0.6"
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0997"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo Joxean Koret   joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-0997",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-0997",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-0997",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-315",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n   remote execution of arbitrary code, information disclosure, and\n   denial of service. \n\n\nI. Description\n\n   The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n   vulnerabilities in various Oracle products and components. The\n   document provides information about affected components, access and\n   authorization required for successful exploitation, and the impact\n   from the vulnerabilities on data confidentiality, integrity, and\n   availability. \n   \n   Oracle has associated CVE identifiers with the vulnerabilities\n   addressed in this Critical Patch Update. If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. \n\n\nII. 
Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. \n\n\nIII. Solution\n\n   Apply the appropriate patches or upgrade as specified in the Oracle\n   Critical Patch Update Advisory - April 2009. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n   \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n   \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n   \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. 
\n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people  compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0997",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "34693",
        "trust": 2.6
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1022052",
        "trust": 2.4
      },
      {
        "db": "OSVDB",
        "id": "53739",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.3
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1042",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.4
      },
      {
        "db": "SECUNIA",
        "id": "35135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77574",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76704",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ]
  },
  "id": "VAR-200904-0418",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2023-12-18T10:49:49.436000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cpuapr2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "title": "090417_86",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
      },
      {
        "title": "TA09-105A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0997"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://osvdb.org/53739"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/34693"
      },
      {
        "trust": 2.4,
        "url": "http://www.securitytracker.com/id?1022052"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0997"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-105a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0997"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2009/1042"
      },
      {
        "trust": 0.4,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/34693/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35135/"
      },
      {
        "trust": 0.1,
        "url": "http://www.good.com/faq/18431.html"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      },
      {
        "date": "2009-05-18T15:35:49",
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-04-15T15:08:54",
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "date": "2009-04-15T10:30:00.767000",
        "db": "NVD",
        "id": "CVE-2009-0997"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      },
      {
        "date": "2012-10-23T03:04:28.710000",
        "db": "NVD",
        "id": "CVE-2009-0997"
      },
      {
        "date": "2009-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle Database of  Database Vault Component vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001233"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-315"
      }
    ],
    "trust": 0.6
  }
}

var-200904-0433
Vulnerability from variot

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1014. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database; Oracle Audit Vault; Oracle Application Server; Oracle Outside In SDK HTML Export; Oracle XML Publisher; Oracle BI Publisher; Oracle E-Business Suite; PeopleSoft Enterprise PeopleTools; PeopleSoft Enterprise HRMS; Oracle WebLogic Server (formerly BEA WebLogic Server); Oracle Data Service Integrator; Oracle AquaLogic Data Services Platform; Oracle JRockit.


For more information see vulnerability #6 through #9 in: SA34693

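SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details.

Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. (This solution and these fixed versions appear to come from a separate advisory for Good Messaging Server that was merged into this entry; for the PeopleSoft Enterprise PeopleTools issue described above, see section III, "Solution", below.) The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.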

I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

IV. References


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-105A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.


For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


Produced 2009 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

April 15, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system.

1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.

2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".

The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.

PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security

The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev

ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/

Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html






{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0433",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jd edwards enterpriseone",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "oracle",
        "version": "8.49.19"
      },
      {
        "model": "peoplesoft enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "*"
      },
      {
        "model": "peoplesoft products",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "peoplesoft enterprise",
        "scope": null,
        "trust": 0.6,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.49.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo Joxean Koret   joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1013",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-1013",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1013",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-330",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2009-1013",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2009-1013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1014. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n   remote execution of arbitrary code, information disclosure, and\n   denial of service. \n\n\nI. Description\n\n   The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n   vulnerabilities in various Oracle products and components. The\n   document provides information about affected components, access and\n   authorization required for successful exploitation, and the impact\n   from the vulnerabilities on data confidentiality, integrity, and\n   availability. \n   \n   Oracle has associated CVE identifiers with the vulnerabilities\n   addressed in this Critical Patch Update. 
If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. \n\n\nIII. Solution\n\n   Apply the appropriate patches or upgrade as specified in the Oracle\n   Critical Patch Update Advisory - April 2009. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n   \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n   \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n   \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. 
\n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people  compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". 
\n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-1013"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1013",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "34693",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1022057",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "53756",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.4
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-1013",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "35135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77574",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76704",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2009-1013"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "id": "VAR-200904-0433",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2024-02-13T20:22:37.453000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update Advisory - April 2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34693"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1022057"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/53756"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1013"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1013"
      },
      {
        "trust": 0.4,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/34693/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35135/"
      },
      {
        "trust": 0.1,
        "url": "http://www.good.com/faq/18431.html"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2009-1013"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2009-1013"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2009-1013"
      },
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      },
      {
        "date": "2009-05-18T15:35:49",
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-04-15T15:08:54",
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      },
      {
        "date": "2009-04-15T10:30:01.047000",
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2009-1013"
      },
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      },
      {
        "date": "2009-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      },
      {
        "date": "2016-11-22T16:17:48.067000",
        "db": "NVD",
        "id": "CVE-2009-1013"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle PeopleSoft Enterprise Of products such as  PeopleSoft Enterprise PeopleTools Component vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004536"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-330"
      }
    ],
    "trust": 0.6
  }
}

var-201607-0652
Vulnerability from variot

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle
Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'Authentication' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0652",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.092"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.091"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.0101"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.0115"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.092"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.091"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.0101"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.0115"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.60"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.18.0"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "utilities work and asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1.2.8"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.3.5"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.2.12"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.1.16"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.11.0.5.4"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.11.0.4.41"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.10.0.6.27"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.3.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.0.0.0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.3"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.2"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.7"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.6"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "sun network qdr infiniband gateway switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "sun data center infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "362.2.2"
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60001.2"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "solaris cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3"
      },
      {
        "model": "solaris cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "siebel applications ip2016",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications ip2015",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications ip2014",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5"
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera contract management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.16.0"
      },
      {
        "model": "policy automation for mobile devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.6"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.5"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.4"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.3"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.2"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.6"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.5"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.4"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.3"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.2"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "peoplesoft enterprise fscm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise fscm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.2"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.1"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.48"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.47"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.46"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.45"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.42"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.41"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.40"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.44"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.43"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.36"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.35"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.49"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.8.1"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.8"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.7"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.6"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.5"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "jrockit r28.3.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.30"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.24.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.17.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.6.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.6.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "in-memory policy analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "hyperion financial reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4"
      },
      {
        "model": "http server 12c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0"
      },
      {
        "model": "http server 11g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.0"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.12"
      },
      {
        "model": "healthcare analytics data integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.0.0.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.2.3"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2.8.3"
      },
      {
        "model": "health sciences clinical development center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2.0"
      },
      {
        "model": "health sciences clinical development center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.1.0"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.23.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.22.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.18.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.17.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.10"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.9"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.8"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.7"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.6"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.5"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.4"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.3"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.2"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "enterprise manager for fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "enterprise manager for fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.5"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.3"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.2"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.4"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3"
      },
      {
        "model": "documaker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "directory server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "directory server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "demand planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "demand planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.12"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.11"
      },
      {
        "model": "database 11g release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "211.2.0.4"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.0"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9"
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.530.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.529.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.5.33.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.5"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "communications eagle application processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2.1.0.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.5.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.4.1"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.4.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.3"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.1.00.10"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.3"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.3.00.08"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.0.00.27"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.3.5"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.3.4"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.43"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.0.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0-"
      },
      {
        "model": "websphere application server full profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere application server full profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.8"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.1"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-809"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5445"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91991"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-5445",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-5445",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-94264",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 3.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 8.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-5445",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-5445",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-809",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94264",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-5445",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94264"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-809"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027Multiple\u0027 protocol. The \u0027Authentication\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91991"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94264"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5445"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5445",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "91991",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1036408",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-809",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-94264",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5445",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94264"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5445"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-809"
      }
    ]
  },
  "id": "VAR-201607-0652",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94264"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:23:49.632000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63169"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-809"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5445"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/91991"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1036408"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5445"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5445"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94264"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5445"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-809"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-94264"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5445"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-809"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94264"
      },
      {
        "date": "2016-07-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5445"
      },
      {
        "date": "2016-07-15T00:00:00",
        "db": "BID",
        "id": "91787"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "BID",
        "id": "91991"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "date": "2016-07-21T10:14:59.303000",
        "db": "NVD",
        "id": "CVE-2016-5445"
      },
      {
        "date": "2016-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-809"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94264"
      },
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5445"
      },
      {
        "date": "2018-10-15T09:00:00",
        "db": "BID",
        "id": "91787"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "BID",
        "id": "91991"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      },
      {
        "date": "2017-09-01T01:29:29.367000",
        "db": "NVD",
        "id": "CVE-2016-5445"
      },
      {
        "date": "2016-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-809"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91991"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Authentication vulnerabilities in ILOM in Oracle Sun Systems Products Suite",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003873"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91991"
      }
    ],
    "trust": 0.6
  }
}

var-201607-0654
Vulnerability from variot

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express, Oracle Database Server, Oracle Access Manager, Oracle BI Publisher, Oracle Business Intelligence Enterprise Edition, Oracle Directory Server Enterprise Edition, Oracle Exalogic Infrastructure, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle HTTP Server, Oracle JDeveloper, Oracle Portal, Oracle WebCenter Sites, Oracle WebLogic Server, Outside In Technology, Hyperion Financial Reporting, Enterprise Manager Base Platform, Enterprise Manager for Fusion Middleware, Enterprise Manager Ops Center, Oracle E-Business Suite, Oracle Agile Engineering Data Management, Oracle Agile PLM, Oracle Demand Planning, Oracle Engineering Data Management, Oracle Transportation Management, PeopleSoft Enterprise FSCM, PeopleSoft Enterprise PeopleTools, JD Edwards EnterpriseOne Tools, Siebel Applications, Oracle Fusion Applications, Oracle Communications ASAP, Oracle Communications Core Session Manager, Oracle Communications EAGLE Application Processor, Oracle Communications Messaging Server, Oracle Communications Network Charging and Control, Oracle Communications Operations Monitor, Oracle Communications Policy Management, Oracle Communications Session Border Controller, Oracle Communications Unified Session Manager, Oracle Enterprise Communications Broker, Oracle Banking Platform, Oracle Financial Services Lending and Leasing, Oracle FLEXCUBE Direct Banking, Oracle Health Sciences Clinical Development Center, Oracle Health Sciences Information Manager, Oracle Healthcare Analytics Data Integration, Oracle Healthcare Master Person Index, Oracle Documaker, Oracle Insurance Calculation Engine, Oracle Insurance Policy Administration J2EE, Oracle Insurance Rules Palette, MICROS Retail XBRi Loss Prevention, Oracle Retail Central, Oracle Back Office, Oracle Returns Management, Oracle Retail Integration Bus, Oracle Retail Order Broker, Oracle Retail Service Backbone, Oracle Retail Store Inventory Management, Oracle Utilities Framework, Oracle Utilities Network Management System, Oracle Utilities Work and Asset Management, Oracle In-Memory Policy Analytics, Oracle Policy Automation, Oracle Policy Automation Connector for Siebel, Oracle Policy Automation for Mobile Devices, Primavera Contract Management, Primavera P6 Enterprise Project Portfolio Management, Oracle Java SE, Oracle Java SE Embedded, Oracle JRockit, 40G 10G 72/64 Ethernet Switch, Fujitsu M10-1 Servers, Fujitsu M10-4 Servers, Fujitsu M10-4S Servers, ILOM, Oracle Switch ES1-24, Solaris, Solaris Cluster, SPARC Enterprise M3000 Servers, SPARC Enterprise M4000 Servers, SPARC Enterprise M5000 Servers, SPARC Enterprise M8000 Servers, SPARC Enterprise M9000 Servers, Sun Blade 6000 Ethernet Switched NEM 24P 10GE, Sun Data Center InfiniBand Switch 36, Sun Network 10GE Switch 72p, Sun Network QDR InfiniBand Gateway Switch, Oracle Secure Global Desktop, Oracle VM VirtualBox, MySQL Server. This list is the scope of the whole Critical Patch Update; the vulnerability described in this entry is in the ILOM component only. Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Backup-Restore' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0654",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.092"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.091"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.0101"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.0115"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.092"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.091"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.0101"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.0115"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.60"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.18.0"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "utilities work and asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1.2.8"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.3.5"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.2.12"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.1.16"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.11.0.5.4"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.11.0.4.41"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.10.0.6.27"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.3.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.0.0.0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.3"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.2"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.7"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.6"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "sun network qdr infiniband gateway switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "sun data center infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "362.2.2"
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60001.2"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "solaris cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3"
      },
      {
        "model": "solaris cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "siebel applications ip2016",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications ip2015",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications ip2014",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5"
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera contract management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.16.0"
      },
      {
        "model": "policy automation for mobile devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.6"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.5"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.4"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.3"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.2"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.6"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.5"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.4"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.3"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.2"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "peoplesoft enterprise fscm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise fscm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.2"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.1"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.48"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.47"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.46"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.45"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.42"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.41"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.40"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.44"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.43"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.36"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.35"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.49"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.8.1"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.8"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.7"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.6"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.5"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "jrockit r28.3.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.30"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.24.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.17.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.6.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.6.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "in-memory policy analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "hyperion financial reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4"
      },
      {
        "model": "http server 12c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0"
      },
      {
        "model": "http server 11g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.0"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.12"
      },
      {
        "model": "healthcare analytics data integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.0.0.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.2.3"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2.8.3"
      },
      {
        "model": "health sciences clinical development center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2.0"
      },
      {
        "model": "health sciences clinical development center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.1.0"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.23.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.22.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.18.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.17.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.10"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.9"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.8"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.7"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.6"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.5"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.4"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.3"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.2"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "enterprise manager for fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "enterprise manager for fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.5"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.3"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.2"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.4"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3"
      },
      {
        "model": "documaker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "directory server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "directory server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "demand planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "demand planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.12"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.11"
      },
      {
        "model": "database 11g release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "211.2.0.4"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.0"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9"
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.530.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.529.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.5.33.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.5"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "communications eagle application processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2.1.0.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.5.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.4.1"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.4.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.3"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.1.00.10"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.3"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.3.00.08"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.0.00.27"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.3.5"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.3.4"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.43"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.0.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0-"
      },
      {
        "model": "websphere application server full profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere application server full profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.8"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.1"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-811"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5447"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91982"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-5447",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-5447",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-94266",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 4.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 7.6,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-5447",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-5447",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-811",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94266",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-5447",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94266"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5447"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-811"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Backup-Restore\u0027 subcomponent is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a suite of Sun system products from Oracle Corporation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5447"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91982"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94266"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5447"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5447",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "91982",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1036408",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-811",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-94266",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5447",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94266"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5447"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-811"
      }
    ]
  },
  "id": "VAR-201607-0654",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94266"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:07:59.064000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "Oracle Sun Systems Products Suite ILOM Component safety affirmative repair measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63171"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5447"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-811"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5447"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/91982"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1036408"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5447"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5447"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94266"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5447"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-811"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-94266"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5447"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-811"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94266"
      },
      {
        "date": "2016-07-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5447"
      },
      {
        "date": "2016-07-15T00:00:00",
        "db": "BID",
        "id": "91787"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "BID",
        "id": "91982"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "date": "2016-07-21T10:15:02.787000",
        "db": "NVD",
        "id": "CVE-2016-5447"
      },
      {
        "date": "2016-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-811"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94266"
      },
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5447"
      },
      {
        "date": "2018-10-15T09:00:00",
        "db": "BID",
        "id": "91787"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "BID",
        "id": "91982"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      },
      {
        "date": "2017-09-01T01:29:29.460000",
        "db": "NVD",
        "id": "CVE-2016-5447"
      },
      {
        "date": "2016-07-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-811"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91982"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle Sun Systems Products Suite of  ILOM In  Backup-Restore Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003875"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "91982"
      }
    ],
    "trust": 0.6
  }
}

var-200904-0258
Vulnerability from variot

Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------

Are you missing:

SECUNIA ADVISORY ID:

Critical:

Impact:

Where:

within the advisory below?

This is now part of the Secunia commercial solutions.

For more information see vulnerability #6 through #9 in: SA34693

SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details.

Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

IV. References


The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-105A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.


For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


Produced 2009 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

April 15, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system.

1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.

2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "FLOWS_030000.WWV_FLOW_USER".

The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.

PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint; 2, 3) Alexander Kornbrust of Red Database Security

The vendor also credits: Joshua J. Drake of iDefense; Gerhard Eschelbeck of Qualys, Inc.; Esteban Martinez Fayo of Application Security, Inc.; Franz Huell of Red Database Security; Mike Janowski of Neohapsis, Inc.; Joxean Koret; David Litchfield of NGS Software; Tanel Poder; Sven Vetter of Trivadis; Dennis Yurichev

ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/

Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html


About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0258",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "11.1.0.6"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "9.2.0.8dv"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.1.0.5"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.1.0.6"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.8dv"
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:9.2.0.8dv:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0972"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo Joxean Koret   joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-0972",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-0972",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-0972",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-291",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n   remote execution of arbitrary code, information disclosure, and\n   denial of service. \n\n\nI. Description\n\n   The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n   vulnerabilities in various Oracle products and components. The\n   document provides information about affected components, access and\n   authorization required for successful exploitation, and the impact\n   from the vulnerabilities on data confidentiality, integrity, and\n   availability. \n   \n   Oracle has associated CVE identifiers with the vulnerabilities\n   addressed in this Critical Patch Update. 
If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. \n\n\nIII. Solution\n\n   Apply the appropriate patches or upgrade as specified in the Oracle\n   Critical Patch Update Advisory - April 2009. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n   \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n   \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n   \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. 
\n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people  compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". 
\n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0972",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "34693",
        "trust": 2.6
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1022052",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.3
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1042",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.4
      },
      {
        "db": "SECUNIA",
        "id": "35135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77574",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76704",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ]
  },
  "id": "VAR-200904-0258",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2023-12-18T10:59:01.688000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cpuapr2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "title": "090417_86",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
      },
      {
        "title": "TA09-105A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0972"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/34693"
      },
      {
        "trust": 2.4,
        "url": "http://www.securitytracker.com/id?1022052"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0972"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-105a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0972"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2009/1042"
      },
      {
        "trust": 0.4,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/34693/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35135/"
      },
      {
        "trust": 0.1,
        "url": "http://www.good.com/faq/18431.html"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      },
      {
        "date": "2009-05-18T15:35:49",
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-04-15T15:08:54",
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "date": "2009-04-15T10:30:00.313000",
        "db": "NVD",
        "id": "CVE-2009-0972"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      },
      {
        "date": "2014-09-08T17:56:11.040000",
        "db": "NVD",
        "id": "CVE-2009-0972"
      },
      {
        "date": "2009-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle Database of  Workspace Manager Component vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001221"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-291"
      }
    ],
    "trust": 0.6
  }
}

var-201909-1539
Vulnerability from variot

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J contains an information disclosure vulnerability. Information may be obtained. Pillow is a Python-based image processing library [this sentence appears to have been carried over from an unrelated entry]. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5. The affected_products list in the record below also names Dell BSAFE SSL-J and Cert-J and several Oracle products, including WebLogic Server, so those entries should be checked as well as direct use of Crypto-J.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1539",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.4"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.1.0.0"
      },
      {
        "model": "application performance management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "bsafe cert-j",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.4"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "goldengate",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.1.0.0.0.210420"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "bsafe ssl-j",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.4.1"
      },
      {
        "model": "application performance management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0"
      },
      {
        "model": "retail assortment planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3"
      },
      {
        "model": "retail assortment planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "global lifecycle management opatch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0.1.22"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0.3"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0.1"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.1"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0.2"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "communications network integrity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.6"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.2"
      },
      {
        "model": "storagetek acsls",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.5.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.0"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18c"
      },
      {
        "model": "bsafe crypto-j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "6.2.5"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19c"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.4"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "communications network integrity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.2"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.3.6.0.0"
      },
      {
        "model": "communications network integrity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "storagetek tape analytics sw tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.3"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.5"
      },
      {
        "model": "bsafe cert-j",
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": "bsafe crypto-j",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rsa security",
        "version": "6.2.5"
      },
      {
        "model": "bsafe ssl-j",
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.2.0.1.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.1.0.0.0.210420",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      }
    ]
  },
  "cve": "CVE-2019-3740",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-3740",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-155175",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3740",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3740",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2019-3740",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-881",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155175",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J contains an information disclosure vulnerability. Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3740",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042539",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042537",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042641",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042103",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072126",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-155175",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "id": "VAR-201909-1539",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:14:34.777000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities",
        "trust": 0.8,
        "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174;-crypto-j-multiple-security-vulnerabilities"
      },
      {
        "title": "Dell RSA BSAFE Crypto-J Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98406"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3740"
      },
      {
        "trust": 1.0,
        "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3740"
      },
      {
        "trust": 0.6,
        "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072126"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042539"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042537"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042641"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042103"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.1,
        "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "date": "2019-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "date": "2019-09-18T23:15:11.173000",
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "date": "2019-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155175"
      },
      {
        "date": "2019-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      },
      {
        "date": "2023-11-07T03:10:11.167000",
        "db": "NVD",
        "id": "CVE-2019-3740"
      },
      {
        "date": "2022-04-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RSA BSAFE Crypto-J Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009628"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-881"
      }
    ],
    "trust": 0.6
  }
}

var-201607-0587
Vulnerability from variot

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server. Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Web' subcomponent is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. A remote attacker could exploit this vulnerability to update, insert, or delete data, affecting data integrity.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0587",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.092"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.091"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.0101"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.0115"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.092"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.091"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.0101"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.0115"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.60"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.18.0"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "utilities work and asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1.2.8"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.3.5"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.2.12"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.1.16"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.11.0.5.4"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.11.0.4.41"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.10.0.6.27"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.3.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.0.0.0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.3"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.2"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.7"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.6"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "sun network qdr infiniband gateway switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "sun data center infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "362.2.2"
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60001.2"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "solaris cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3"
      },
      {
        "model": "solaris cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "siebel applications ip2016",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications ip2015",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications ip2014",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5"
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera contract management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.16.0"
      },
      {
        "model": "policy automation for mobile devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.6"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.5"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.4"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.3"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.2"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.6"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.5"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.4"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.3"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.2"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "peoplesoft enterprise fscm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise fscm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.2"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.1"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.48"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.47"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.46"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.45"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.42"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.41"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.40"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.44"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.43"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.36"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.35"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.49"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.8.1"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.8"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.7"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.6"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.5"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "jrockit r28.3.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.30"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.24.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.17.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.6.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.6.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "in-memory policy analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "hyperion financial reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4"
      },
      {
        "model": "http server 12c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0"
      },
      {
        "model": "http server 11g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.0"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.12"
      },
      {
        "model": "healthcare analytics data integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.0.0.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.2.3"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2.8.3"
      },
      {
        "model": "health sciences clinical development center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2.0"
      },
      {
        "model": "health sciences clinical development center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.1.0"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.23.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.22.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.18.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.17.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.10"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.9"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.8"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.7"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.6"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.5"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.4"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.3"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.2"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "enterprise manager for fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "enterprise manager for fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.5"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.3"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.2"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.4"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3"
      },
      {
        "model": "documaker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "directory server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "directory server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "demand planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "demand planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.12"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.11"
      },
      {
        "model": "database 11g release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "211.2.0.4"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.0"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9"
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.530.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.529.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.5.33.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.5"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "communications eagle application processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2.1.0.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.5.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.4.1"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.4.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.3"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.1.00.10"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.3"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.3.00.08"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.0.00.27"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.3.5"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.3.4"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.43"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.0.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0-"
      },
      {
        "model": "websphere application server full profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere application server full profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.8"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.1"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "92022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3451"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-660"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3451"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "92022"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-3451",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-3451",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-92270",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-3451",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-3451",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-660",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92270",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-3451",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3451"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3451"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-660"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle 
Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of  these vulnerabilities  may potentially compromise the database server or  the host operating  system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Web\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. A remote attacker could exploit this vulnerability to update, insert, or delete data, affecting data integrity",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3451"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "92022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3451"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3451",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "92022",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1036408",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-660",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-92270",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3451",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3451"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "92022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3451"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-660"
      }
    ]
  },
  "id": "VAR-201607-0587",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92270"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:15:37.542000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63020"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3451"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-660"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3451"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/92022"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1036408"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3451"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3451"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3451"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "92022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3451"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-660"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3451"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "92022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3451"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-660"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92270"
      },
      {
        "date": "2016-07-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3451"
      },
      {
        "date": "2016-07-15T00:00:00",
        "db": "BID",
        "id": "91787"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "BID",
        "id": "92022"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "date": "2016-07-21T10:12:15.067000",
        "db": "NVD",
        "id": "CVE-2016-3451"
      },
      {
        "date": "2016-07-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-660"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92270"
      },
      {
        "date": "2017-09-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3451"
      },
      {
        "date": "2018-10-15T09:00:00",
        "db": "BID",
        "id": "91787"
      },
      {
        "date": "2016-07-19T00:00:00",
        "db": "BID",
        "id": "92022"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      },
      {
        "date": "2017-09-01T01:29:09.177000",
        "db": "NVD",
        "id": "CVE-2016-3451"
      },
      {
        "date": "2016-07-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-660"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "92022"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle Sun Systems Products Suite of  ILOM In  Web Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003866"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "BID",
        "id": "92022"
      }
    ],
    "trust": 0.6
  }
}

var-202110-1615
Vulnerability from variot

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources. jQuery-UI contains a cross-site scripting vulnerability. Information may be obtained and tampered with. jQuery is an open source, cross-browser JavaScript library developed by the American individual developer John Resig. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
Advisory ID: RHSA-2022:4711-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4711
Issue date: 2022-05-26
CVE Names: CVE-2021-3807 CVE-2021-23425 CVE-2021-33502 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184
====================================================================
1. Summary:

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch

  3. Description:

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security Fix(es):

  • nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

  • nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)

  • normalize-url: ReDoS for data URLs (CVE-2021-33502)

  • jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)

  • jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)

  • jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A list of bugs fixed in this update is available in the Technical Notes book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

  4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

  5. Bugs fixed (https://bugzilla.redhat.com/):

655153 - [RFE] confirmation prompt when suspending a virtual machine - webadmin 977778 - [RFE] - Mechanism for converting disks for non-running VMS 1624015 - [RFE] Expose Console Options and Console invocation via API 1648985 - VM from VM-pool which is already in use by a SuperUser is presented to another User with UserRole permission who can shutdown the VM. 1667517 - [RFE] add VM Portal setting for set screen mode 1687845 - Multiple notification for one time host activation 1781241 - missing ?connect automatically? option in vm portal 1782056 - [RFE] Integration of built-in ipsec feature in RHV/RHHI-V with OVN 1849169 - [RFE] add virtualCPUs/physicalCPUs ratio property to evenly_distributed policy 1878930 - [RFE] Provide warning event if MAC Address Pool free and available addresses are below threshold 1922977 - [RFE] VM shared disks are not part of the OVF_STORE 1926625 - [RFE] How to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD for Red Hat Virtualization Manager 1927985 - [RFE] Speed up export-to-OVA on NFS by aligning loopback device offset 1944290 - URL to change the password is not shown properly 1944834 - [RFE] Timer for Console Disconnect Action - Shutdown VM after N minutes of being disconnected (Webadmin-only) 1956295 - Template import from storage domain fails when quota is enabled. 
1959186 - Enable assignment of user quota when provisioning from a non-blank template via rest-api 1964208 - [RFE] add new feature for VM's screenshot on RestAPI 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1971622 - Incorrect warning displayed: "The VM CPU does not match the Cluster CPU Type" 1974741 - Disk images remain in locked state if the HE VM is rebooted during a image transfer 1979441 - High Performance VMs always have "VM CPU does not match the cluster CPU Type" warning 1979797 - Ask user for confirmation when the deleted storage domain has leases of VMs that has disk in other SDs 1980192 - Network statistics copy a U64 into DECIMAL(18,4) 1986726 - VM imported from OVA gets thin provisioned disk despite of allocation policy set as 'preallocated' 1986834 - [DOCS] add nodejs and maven to list of subscription streams to be enabled in RHVM installation 1987121 - [RFE] Support enabling nVidia Unified Memory on mdev vGPU 1988496 - vmconsole-proxy-helper.cer is not renewed when running engine-setup 1990462 - [RFE] Add user name and password to ELK integration 1991240 - Assign user quota when provisioning from a non-blank template via web-ui 1995793 - CVE-2021-23425 nodejs-trim-off-newlines: ReDoS via string processing 1996123 - ovf stores capacity/truesize on the storage does not match values in engine database 1998255 - [RFE] [UI] Add search box for vNIC Profiles in RHVM WebUI on the main vNIC profiles tab 1999698 - ssl.conf modifications of engine-setup do not conform to best practices (according to red hat insights) 2000031 - SPM host is rebooted multiple times when engine recovers the host 2002283 - Make NumOfPciExpressPorts configurable via engine-config 2003883 - Failed to update the VFs configuration of network interface card type 82599ES and X520 2003996 - ovirt_snapshot module fails to delete snapshot when there is a "Next Run configuration snapshot" 2006602 - vm_statistics table has wrong type for guest_mem_ columns. 
2006745 - [MBS] Template disk Copy from data storage domain to Managed Block Storage domain is failing 2007384 - Failed to parse 'writeRate' value xxxx to integer: For input string: xxxx 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2008798 - Older name rhv-openvswitch is not checked in ansible playbook 2010203 - Log analyzer creates faulty VM unmanaged devices report 2010903 - I/O operations/sec reporting wrong values 2013928 - Log analyzer creates faulty non default vdc_option report 2014888 - oVirt executive dashboard/Virtual Machine dashboard does not actually show disk I/O operations per second, but it shows sum of I/o operations since the boot time of VM 2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied 2019144 - CVE-2021-41182 jquery-ui: XSS in the altField option of the datepicker widget 2019148 - CVE-2021-41183 jquery-ui: XSS in Text options of the datepicker widget 2019153 - CVE-2021-41184 jquery-ui: XSS in the 'of' option of the .position() util 2021217 - [RFE] Windows 2022 support 2023250 - [RFE] Use virt:rhel module instead of virt:av in RHEL 8.6+ to get advanced virtualization packages 2023786 - RHV VM with SAP monitoring configuration does not fail to start if the Host is missing vdsm-hook-vhostmd 2024202 - RHV Dashboard does not show memory and storage details properly when using Spanish language. 
2025936 - metrics configuration playbooks failing due to rhel-system-role last refactor 2030596 - [RFE] RHV Manager should support running on a host with the PCI-DSS security profile applied 2030663 - Update Network statistics types in DWH 2031027 - The /usr/share/ovirt-engine/ansible-runner-service-project/inventory/hosts fails rpm verification 2035051 - removing nfs-utils cause ovirt-engine removal due to cinderlib dep tree 2037115 - rhv-image-discrepancies (rhv-log-collector-analyzer-1.0.11-1.el8ev) tool continues flags OVF_STORE volumes. 2037121 - RFE: Add Data Center and Storage Domain name in the rhv-image-discrepancies tool output. 2040361 - Hotplug VirtIO-SCSI disk fails with error "Domain already contains a disk with that address" when IO threads > 1 2040402 - unable to use --log-size=0 option 2040474 - [RFE] Add progress tracking for Cluster Upgrade 2041544 - Admin GUI: Making selection of host while uploading disk it will immediately replace it with the first active host in the list. 
2043146 - Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is skipped during Enroll Certificate 2044273 - Remove the RHV Guest Tools ISO image upload option from engine-setup 2048546 - sosreport command should be replaced by sos report 2050566 - Upgrade ovirt-log-collector to 4.4.5 2050614 - Upgrade rhvm-setup-plugins to 4.5.0 2051857 - Upgrade rhv-log-collector-analizer to 1.0.13 2052557 - RHV fails to release mdev vGPU device after VM shutdown 2052690 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine 2054756 - [welcome page] Add link to MTV guide 2055136 - virt module is not changed to the correct stream during host upgrade 2056021 - [BUG]: "Enroll Certificate" operation not updating libvirt-vnc cert and key 2056052 - RHV-H w/ PCI-DSS profile causes OVA export to fail 2056126 - [RFE] Extend time to warn of upcoming certificate expiration 2058264 - Export as OVA playbook gets stuck with 'found an incomplete artifacts directory...Possible ansible_runner error?' 2059521 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine-metrics 2059877 - [DOCS][Upgrade] Update RHVM update procedure in Upgrade guide 2061904 - Unable to attach a RHV Host back into cluster after removing due to networking 2065052 - [TRACKER] Upgrade to ansible-core-2.12 in RHV 4.4 SP1 2066084 - vmconsole-proxy-user certificate expired - cannot access serial console 2066283 - Upgrade from RHV 4.4.10 to RHV 4.5.0 is broken 2069972 - [Doc][RN]Add cluster-level 4.7 to compatibility table 2070156 - [TESTONLY] Test upgrade from ovirt-engine-4.4.1 2071468 - Engine fenced host that was already reconnected and set to Up status. 
2072637 - Build and distribute python38-daemon in RHV channels 2072639 - Build and distribute ansible-runner in RHV channels 2072641 - Build and distribute python38-docutils in RHV channels 2072642 - Build and distribute python38-lockfile in RHV channels 2072645 - Build and distribute python38-pexpect in RHV channels 2072646 - Build and distribute python38-ptyprocess in RHV channels 2075352 - upgrading RHV-H does not renew certificate

  6. Package List:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source: ansible-runner-2.1.3-1.el8ev.src.rpm apache-sshd-2.8.0-0.1.el8ev.src.rpm engine-db-query-1.6.4-1.el8ev.src.rpm ovirt-dependencies-4.5.1-1.el8ev.src.rpm ovirt-engine-4.5.0.7-0.9.el8ev.src.rpm ovirt-engine-dwh-4.5.2-1.el8ev.src.rpm ovirt-engine-metrics-1.6.0-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.3-1.el8ev.src.rpm ovirt-log-collector-4.4.5-1.el8ev.src.rpm ovirt-web-ui-1.8.1-2.el8ev.src.rpm rhv-log-collector-analyzer-1.0.13-1.el8ev.src.rpm rhvm-branding-rhv-4.4.11-1.el8ev.src.rpm rhvm-setup-plugins-4.5.0-2.el8ev.src.rpm vdsm-jsonrpc-java-1.7.1-2.el8ev.src.rpm

noarch: ansible-runner-2.1.3-1.el8ev.noarch.rpm apache-sshd-2.8.0-0.1.el8ev.noarch.rpm apache-sshd-javadoc-2.8.0-0.1.el8ev.noarch.rpm engine-db-query-1.6.4-1.el8ev.noarch.rpm ovirt-dependencies-4.5.1-1.el8ev.noarch.rpm ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-backend-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-dwh-4.5.2-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.2-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.2-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-metrics-1.6.0-1.el8ev.noarch.rpm ovirt-engine-restapi-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-tools-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-log-collector-4.4.5-1.el8ev.noarch.rpm ovirt-web-ui-1.8.1-2.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.0.7-0.9.el8ev.noarch.rpm python38-ansible-runner-2.1.3-1.el8ev.noarch.rpm python38-docutils-0.14-12.4.el8ev.noarch.rpm rhv-log-collector-analyzer-1.0.13-1.el8ev.noarch.rpm rhvm-4.5.0.7-0.9.el8ev.noarch.rpm rhvm-branding-rhv-4.4.11-1.el8ev.noarch.rpm rhvm-setup-plugins-4.5.0-2.el8ev.noarch.rpm vdsm-jsonrpc-java-1.7.1-2.el8ev.noarch.rpm 
vdsm-jsonrpc-java-javadoc-1.7.1-2.el8ev.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-3807
https://access.redhat.com/security/cve/CVE-2021-23425
https://access.redhat.com/security/cve/CVE-2021-33502
https://access.redhat.com/security/cve/CVE-2021-41182
https://access.redhat.com/security/cve/CVE-2021-41183
https://access.redhat.com/security/cve/CVE-2021-41184
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYo/qI9zjgjWX9erEAQhpng//aJBlyx9sUzPTC08WE6OwY4Ihk8b0wSh5
C9RWX/PmlDE2CAivQHpSs8D7/IizHl4Arn6f0HJx+NavN8YfbApqs2mcq+KUKYuC
/VxCb3YlukeDsXeYIM+ScifS9M+N+WNGy9BRrlcYxZ4Ya5zLYv/ibrrHCX44yKz8
Jg5abyQyCzI6DEPjSDRIZkULLIdkbQ8xGd7j5P4ThAR2MRf8deeHez4/NmfrQm6n
Q3f4qeQlljiNgoGdxa2z65Shxpb3pkWGt81MZuMwKpRa6EDBDs8vGMA0LZamsikv
XZUU2P7d+JrXvLd2bmfGty6EaQ2FY0XoB0vvK1AyUhSZkX2thUvFsEgIdWjLSu4a
eT28D2etZLTIyl1DB42L+5gcomaQTn0sT0i99ExWkFyf9xWne+ygOFYydjV0/fy+
530Pwzlk9c2QtHgJ/XzGU12QLzKa/tvLbqXTfmAmlqDkU/+3aIr2l5SgnudzY4NN
BAUae8noIVWEs6L+6DY5HYt+x+WYYLipQh9gPjpBOaH+sEFvZ2+GzlVR0zF4IM5E
qLH5bopwO6GfHeNjv+4U+l+3kjhJIpwrsy/uzc+/mExrraYFpZc8skbcGRyhQ7ML
CtHSV7Y4x/OguhgYeqx1ocCfpIpkbu4MGa4esGDW4ocvL03AHnbxOG7gGvBH35oF
cada2etYwu0=
=nreb
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-1615",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "drupal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "9.2.0"
      },
      {
        "model": "h700e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "rest data services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.1"
      },
      {
        "model": "h300e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.9.0"
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.4"
      },
      {
        "model": "hospitality inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.1.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.6.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.12.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.1.0.0"
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "drupal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "9.3.0"
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.12.0"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "h410c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "drupal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "7.86"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.21.0"
      },
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.3.6"
      },
      {
        "model": "hospitality suite8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "drupal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "9.2.11"
      },
      {
        "model": "big data spatial and graph",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "23.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.29"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "hospitality suite8",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.10.2"
      },
      {
        "model": "rest data services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.1"
      },
      {
        "model": "policy automation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0"
      },
      {
        "model": "communications interactive session recorder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.4"
      },
      {
        "model": "jquery ui",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "jqueryui",
        "version": "1.13.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.12.0"
      },
      {
        "model": "policy automation",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.5"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "drupal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "9.3.3"
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hospitality suite8",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.11.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "application express",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "big data spatial and graph",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "23.1"
      },
      {
        "model": "drupal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "drupal",
        "version": "7.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "h300s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500e",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ui",
        "scope": null,
        "trust": 0.8,
        "vendor": "jquery",
        "version": null
      },
      {
        "model": "h410c",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h300e",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h700e",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "drupal",
        "scope": null,
        "trust": 0.8,
        "vendor": "drupal",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "h410s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h700s",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.3",
                "versionStartIncluding": "9.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.11",
                "versionStartIncluding": "9.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.86",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "23.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.29",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.14.0",
                "versionStartIncluding": "8.11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.6.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "22.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "22.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.2.5",
                "versionStartIncluding": "12.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.21.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167278"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2021-41183",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-41183",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-397877",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security-advisories@github.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-41183",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-41183",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2021-41183",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-1839",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-397877",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-41183",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. jQuery-UI contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by the American individual developer John Resig. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update\nAdvisory ID:       RHSA-2022:4711-01\nProduct:           Red Hat Virtualization\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:4711\nIssue date:        2022-05-26\nCVE Names:         CVE-2021-3807 CVE-2021-23425 CVE-2021-33502\n                   CVE-2021-41182 CVE-2021-41183 CVE-2021-41184\n====================================================================\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. 
Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nSecurity Fix(es):\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching\nANSI escape codes (CVE-2021-3807)\n\n* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* jquery-ui: XSS in the altField option of the datepicker widget\n(CVE-2021-41182)\n\n* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)\n\n* jquery-ui: XSS in the \u0027of\u0027 option of the .position() util\n(CVE-2021-41184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n655153 - [RFE] confirmation prompt when suspending a virtual machine - webadmin\n977778 - [RFE] - Mechanism for converting disks for non-running VMS\n1624015 - [RFE] Expose Console Options and Console invocation via API\n1648985 - VM from VM-pool which is already in use by a SuperUser is presented to another User with UserRole permission who can shutdown the VM. 
\n1667517 - [RFE] add VM Portal setting for set screen mode\n1687845 - Multiple notification for one time host activation\n1781241 - missing ?connect automatically? option in vm portal\n1782056 - [RFE] Integration of built-in ipsec feature in RHV/RHHI-V with OVN\n1849169 - [RFE] add virtualCPUs/physicalCPUs ratio property to evenly_distributed policy\n1878930 - [RFE] Provide warning event if MAC Address Pool free and available addresses are below threshold\n1922977 - [RFE] VM shared disks are not part of the OVF_STORE\n1926625 - [RFE] How to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD for Red Hat Virtualization Manager\n1927985 - [RFE] Speed up export-to-OVA on NFS by aligning loopback device offset\n1944290 - URL to change the password is not shown properly\n1944834 - [RFE] Timer for Console Disconnect Action - Shutdown VM after N minutes of being disconnected (Webadmin-only)\n1956295 - Template import from storage domain fails when quota is enabled. \n1959186 - Enable assignment of user quota when provisioning from a non-blank template via rest-api\n1964208 - [RFE] add new feature for VM\u0027s screenshot on RestAPI\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1971622 - Incorrect warning displayed: \"The VM CPU does not match the Cluster CPU Type\"\n1974741 - Disk images remain in locked state if the HE VM is rebooted during a image transfer\n1979441 - High Performance VMs always have \"VM CPU does not match the cluster CPU Type\" warning\n1979797 - Ask user for confirmation when the deleted storage domain has leases of VMs that has disk in other SDs\n1980192 - Network statistics copy a U64 into DECIMAL(18,4)\n1986726 - VM imported from OVA gets thin provisioned disk despite of allocation policy set as \u0027preallocated\u0027\n1986834 - [DOCS] add nodejs and maven to list of subscription streams to be enabled  in RHVM installation\n1987121 - [RFE] Support enabling nVidia Unified Memory on mdev vGPU\n1988496 - 
vmconsole-proxy-helper.cer is not renewed when running engine-setup\n1990462 - [RFE] Add user name and password to ELK integration\n1991240 - Assign user quota when provisioning from a non-blank template via web-ui\n1995793 - CVE-2021-23425 nodejs-trim-off-newlines: ReDoS via string processing\n1996123 - ovf stores capacity/truesize on the storage does not match values in engine database\n1998255 - [RFE] [UI] Add search box for vNIC Profiles in RHVM WebUI on the main vNIC profiles tab\n1999698 - ssl.conf modifications of engine-setup do not conform to best practices (according to red hat insights)\n2000031 - SPM host is rebooted multiple times when engine recovers the host\n2002283 - Make NumOfPciExpressPorts configurable via engine-config\n2003883 - Failed to update the VFs configuration of network interface card type 82599ES and X520\n2003996 - ovirt_snapshot module fails to delete snapshot when there is a \"Next Run configuration snapshot\"\n2006602 - vm_statistics table has wrong type for guest_mem_* columns. 
\n2006745 - [MBS] Template disk Copy from data storage domain to Managed Block Storage domain is failing\n2007384 - Failed to parse \u0027writeRate\u0027 value xxxx to integer: For input string: xxxx\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2008798 - Older name rhv-openvswitch is not checked in ansible playbook\n2010203 - Log analyzer creates faulty VM unmanaged devices  report\n2010903 - I/O operations/sec reporting wrong values\n2013928 - Log analyzer creates faulty non default vdc_option report\n2014888 - oVirt executive dashboard/Virtual Machine dashboard does not actually show disk I/O operations per second, but it shows sum of I/o operations since the boot time of VM\n2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied\n2019144 - CVE-2021-41182 jquery-ui: XSS in the altField option of the datepicker widget\n2019148 - CVE-2021-41183 jquery-ui: XSS in *Text options of the datepicker widget\n2019153 - CVE-2021-41184 jquery-ui: XSS in the \u0027of\u0027 option of the .position() util\n2021217 - [RFE] Windows 2022 support\n2023250 - [RFE] Use virt:rhel module instead of virt:av in RHEL 8.6+ to get advanced virtualization packages\n2023786 - RHV VM with SAP monitoring configuration does not fail to start if the Host is missing vdsm-hook-vhostmd\n2024202 - RHV Dashboard does not show memory and storage details properly when using Spanish language. 
\n2025936 - metrics configuration playbooks failing due to rhel-system-role last refactor\n2030596 - [RFE] RHV Manager should support running on a host with the PCI-DSS security profile applied\n2030663 - Update Network statistics types in DWH\n2031027 - The /usr/share/ovirt-engine/ansible-runner-service-project/inventory/hosts fails rpm verification\n2035051 - removing nfs-utils cause ovirt-engine removal due to cinderlib dep tree\n2037115 - rhv-image-discrepancies (rhv-log-collector-analyzer-1.0.11-1.el8ev) tool continues flags OVF_STORE volumes. \n2037121 - RFE:  Add Data Center and Storage Domain name in the rhv-image-discrepancies tool output. \n2040361 - Hotplug VirtIO-SCSI disk fails with error \"Domain already contains a disk with that address\" when IO threads \u003e 1\n2040402 - unable to use --log-size=0 option\n2040474 - [RFE] Add progress tracking for Cluster Upgrade\n2041544 - Admin GUI: Making selection of host while uploading disk it will immediately replace it with the first active host in the list. 
\n2043146 - Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is skipped during Enroll Certificate\n2044273 - Remove the RHV Guest Tools ISO image upload option from engine-setup\n2048546 - sosreport command should be replaced by sos report\n2050566 - Upgrade ovirt-log-collector to 4.4.5\n2050614 - Upgrade rhvm-setup-plugins to 4.5.0\n2051857 - Upgrade rhv-log-collector-analizer to 1.0.13\n2052557 - RHV fails to release mdev vGPU device after VM shutdown\n2052690 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine\n2054756 - [welcome page] Add link to MTV guide\n2055136 - virt module is not changed to the correct stream during host upgrade\n2056021 - [BUG]: \"Enroll Certificate\" operation not updating libvirt-vnc cert and key\n2056052 - RHV-H w/ PCI-DSS profile causes OVA export to fail\n2056126 - [RFE] Extend time to warn of upcoming certificate expiration\n2058264 - Export as OVA playbook gets stuck with \u0027found an incomplete artifacts directory...Possible ansible_runner error?\u0027\n2059521 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine-metrics\n2059877 - [DOCS][Upgrade] Update RHVM update procedure in Upgrade guide\n2061904 - Unable to attach a RHV Host back into cluster after removing due to networking\n2065052 - [TRACKER] Upgrade to ansible-core-2.12 in RHV 4.4 SP1\n2066084 - vmconsole-proxy-user certificate expired - cannot access serial console\n2066283 - Upgrade from RHV 4.4.10 to RHV 4.5.0 is broken\n2069972 - [Doc][RN]Add cluster-level 4.7 to compatibility table\n2070156 - [TESTONLY] Test upgrade from ovirt-engine-4.4.1\n2071468 - Engine fenced host that was already reconnected and set to Up status. 
\n2072637 - Build and distribute python38-daemon in RHV channels\n2072639 - Build and distribute ansible-runner in RHV channels\n2072641 - Build and distribute python38-docutils in RHV channels\n2072642 - Build and distribute python38-lockfile in RHV channels\n2072645 - Build and distribute python38-pexpect in RHV channels\n2072646 - Build and distribute python38-ptyprocess in RHV channels\n2075352 - upgrading RHV-H does not renew certificate\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-2.1.3-1.el8ev.src.rpm\napache-sshd-2.8.0-0.1.el8ev.src.rpm\nengine-db-query-1.6.4-1.el8ev.src.rpm\novirt-dependencies-4.5.1-1.el8ev.src.rpm\novirt-engine-4.5.0.7-0.9.el8ev.src.rpm\novirt-engine-dwh-4.5.2-1.el8ev.src.rpm\novirt-engine-metrics-1.6.0-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.3.3-1.el8ev.src.rpm\novirt-log-collector-4.4.5-1.el8ev.src.rpm\novirt-web-ui-1.8.1-2.el8ev.src.rpm\nrhv-log-collector-analyzer-1.0.13-1.el8ev.src.rpm\nrhvm-branding-rhv-4.4.11-1.el8ev.src.rpm\nrhvm-setup-plugins-4.5.0-2.el8ev.src.rpm\nvdsm-jsonrpc-java-1.7.1-2.el8ev.src.rpm\n\nnoarch:\nansible-runner-2.1.3-1.el8ev.noarch.rpm\napache-sshd-2.8.0-0.1.el8ev.noarch.rpm\napache-sshd-javadoc-2.8.0-0.1.el8ev.noarch.rpm\nengine-db-query-1.6.4-1.el8ev.noarch.rpm\novirt-dependencies-4.5.1-1.el8ev.noarch.rpm\novirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-backend-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-dbscripts-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-dwh-4.5.2-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.5.2-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.5.2-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-metrics-1.6.0-1.el8ev.noarch.rpm\novirt-engine-restapi-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-base-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine
-setup-plugin-imageio-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-tools-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-tools-backup-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.3.3-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-log-collector-4.4.5-1.el8ev.noarch.rpm\novirt-web-ui-1.8.1-2.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.5.0.7-0.9.el8ev.noarch.rpm\npython38-ansible-runner-2.1.3-1.el8ev.noarch.rpm\npython38-docutils-0.14-12.4.el8ev.noarch.rpm\nrhv-log-collector-analyzer-1.0.13-1.el8ev.noarch.rpm\nrhvm-4.5.0.7-0.9.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.11-1.el8ev.noarch.rpm\nrhvm-setup-plugins-4.5.0-2.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.7.1-2.el8ev.noarch.rpm\nvdsm-jsonrpc-java-javadoc-1.7.1-2.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3807\nhttps://access.redhat.com/security/cve/CVE-2021-23425\nhttps://access.redhat.com/security/cve/CVE-2021-33502\nhttps://access.redhat.com/security/cve/CVE-2021-41182\nhttps://access.redhat.com/security/cve/CVE-2021-41183\nhttps://access.redhat.com/security/cve/CVE-2021-41184\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYo/qI9zjgjWX9erEAQhpng//aJBlyx9sUzPTC08WE6OwY4Ihk8b0wSh5\nC9RWX/PmlDE2CAivQHpSs8D7/IizHl4Arn6f0HJx+NavN8YfbApqs2mcq+KUKYuC\n/VxCb3YlukeDsXeYIM+ScifS9M+N+WNGy9BRrlcYxZ4Ya5zLYv/ibrrHCX44yKz8\nJg5abyQyCzI6DEPjSDRIZkULLIdkbQ8xGd7j5P4ThAR2MRf8deeHez4/NmfrQm6n\nQ3f4qeQlljiNgoGdxa2z65Shxpb3pkWGt81MZuMwKpRa6EDBDs8vGMA0LZamsikv\nXZUU2P7d+JrXvLd2bmfGty6EaQ2FY0XoB0vvK1AyUhSZkX2thUvFsEgIdWjLSu4a\neT28D2etZLTIyl1DB42L+5gcomaQTn0sT0i99ExWkFyf9xWne+ygOFYydjV0/fy+\n530Pwzlk9c2QtHgJ/XzGU12QLzKa/tvLbqXTfmAmlqDkU/+3aIr2l5SgnudzY4NN\nBAUae8noIVWEs6L+6DY5HYt+x+WYYLipQh9gPjpBOaH+sEFvZ2+GzlVR0zF4IM5E\nqLH5bopwO6GfHeNjv+4U+l+3kjhJIpwrsy/uzc+/mExrraYFpZc8skbcGRyhQ7ML\nCtHSV7Y4x/OguhgYeqx1ocCfpIpkbu4MGa4esGDW4ocvL03AHnbxOG7gGvBH35oF\ncada2etYwu0=nreb\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "PACKETSTORM",
        "id": "167278"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-41183",
        "trust": 3.5
      },
      {
        "db": "TENABLE",
        "id": "TNS-2022-09",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167278",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2458",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0236",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2191",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5431",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2599",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1792",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3896",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1837",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6384",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030804",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062021",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042017",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011946",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-397877",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "id": "VAR-202110-1615",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:50:49.473000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NTAP-20211118-0004",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
      },
      {
        "title": "jQuery Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=167278"
      },
      {
        "title": "Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224711 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2021-41183",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-41183"
      },
      {
        "title": "IBM: Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cad03619ba21e75b9c9476e5adf69069"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2022-09"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-41183 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/marksowell/retire-html-parser "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nxiuubrvla4e7g7mmikcen75yn7uferw/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/o74sxyy7rgxreqdqudqd4bpj4qqtd2xq/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/snxa7xrkginwsuipiz6zbctv6n3kshes/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hvkiowsxl2rf2ulnap7phesycfszije3/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sgsy236pysfyiebrgderla7osy6d7xl4/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
      },
      {
        "trust": 1.8,
        "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.jqueryui.com/ticket/15284"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/jquery/jquery-ui/pull/1953"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/jquery/jquery-ui/security/advisories/ghsa-j7qv-pgf6-hvh4"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
      },
      {
        "trust": 1.8,
        "url": "https://www.drupal.org/sa-contrib-2022-004"
      },
      {
        "trust": 1.8,
        "url": "https://www.drupal.org/sa-core-2022-001"
      },
      {
        "trust": 1.8,
        "url": "https://www.drupal.org/sa-core-2022-002"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2022-09"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41183"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-41183"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/o74sxyy7rgxreqdqudqd4bpj4qqtd2xq/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/snxa7xrkginwsuipiz6zbctv6n3kshes/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sgsy236pysfyiebrgderla7osy6d7xl4/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nxiuubrvla4e7g7mmikcen75yn7uferw/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hvkiowsxl2rf2ulnap7phesycfszije3/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/jquery-ui-three-vulnerabilities-36936"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030804"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2458"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1792"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6525274"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042017"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167278/red-hat-security-advisory-2022-4711-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2191"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6384"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011946"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062021"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1837"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5431"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3896"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2599"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0236"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2022:4711"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-41183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-is-vulnerable-to-jquery-ui-cross-site-scripting-xss-cve-2021-41184-cve-2021-41183-cve-2021-41182/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41184"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41184"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23425"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33502"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "date": "2021-10-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "date": "2022-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "date": "2022-05-27T15:37:28",
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "date": "2021-10-26T15:15:10.387000",
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "date": "2021-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-397877"
      },
      {
        "date": "2023-06-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-41183"
      },
      {
        "date": "2022-10-03T06:51:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      },
      {
        "date": "2023-08-31T03:15:13.023000",
        "db": "NVD",
        "id": "CVE-2021-41183"
      },
      {
        "date": "2022-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "jQuery-UI\u00a0 Cross-site scripting vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014042"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167278"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-1839"
      }
    ],
    "trust": 0.7
  }
}

var-202003-1785
Vulnerability from variot

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind contains an untrusted data deserialization vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides the data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements. Description:

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

Security Fix(es):

  • apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)

  • cxf: does not restrict the number of message attachments (CVE-2019-12406)

  • cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)

  • hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)

  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

  • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

  • HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

  • jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)

  • jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)

  • keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)

  • keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)

  • keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)

  • keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)

  • keycloak: cross-realm user access auth bypass (CVE-2019-14832)

  • netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)

  • SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)

  • thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  • thrift: Endless loop when fed with specific input data (CVE-2019-0205)

  • undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)

  • wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)

  • wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)

  • xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)

For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update.

NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Bugs fixed (https://bugzilla.redhat.com/):

1800573 - CVE-2020-1727 keycloak: missing input validation in IDP authorization URLs 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop

  1. Summary:

This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Data Grid 7.3.7 security update Advisory ID: RHSA-2020:3779-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:3779 Issue date: 2020-09-17 CVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695 CVE-2020-1710 CVE-2020-1719 CVE-2020-1745 CVE-2020-1748 CVE-2020-1757 CVE-2020-8840 CVE-2020-9488 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10672 CVE-2020-10673 CVE-2020-10714 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11612 CVE-2020-11619 CVE-2020-11620 ==================================================================== 1. Summary:

An update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.

This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.

Security Fix(es):

  • jetty: Incorrect header handling (CVE-2017-7658)

  • EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  • undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  • undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)

  • jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  • jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  • jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  • jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

  • jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)

  • jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)

  • jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)

  • jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)

  • jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)

  • jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)

  • jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)

  • jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)

  • jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)

  • jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  • resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  • Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)

  • Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)

  • wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  • netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)

  • log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

To install this update, do the following:

  1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.
  2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
  3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.
  4. Restart Data Grid to ensure the changes take effect.

  5. Bugs fixed (https://bugzilla.redhat.com/):

1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in 
org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender

  1. References:

https://access.redhat.com/security/cve/CVE-2017-7658 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-11620 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn NVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8 5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A qaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm GisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn aCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G DvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7 MB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9 Pf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j wzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq P2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb PyKX8lLP6w8=n+2X -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/

  1. Bugs fixed (https://bugzilla.redhat.com/):

1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Relevant releases/architectures:

6Client-AMQ-Clients-2 - i386, noarch, x86_64 6ComputeNode-AMQ-Clients-2 - noarch, x86_64 6Server-AMQ-Clients-2 - i386, noarch, x86_64 6Workstation-AMQ-Clients-2 - i386, noarch, x86_64 7Client-AMQ-Clients-2 - noarch, x86_64 7ComputeNode-AMQ-Clients-2 - noarch, x86_64 7Server-AMQ-Clients-2 - noarch, x86_64 7Workstation-AMQ-Clients-2 - noarch, x86_64 8Base-AMQ-Clients-2 - noarch, x86_64

  1. Description:

Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

  1. JIRA issues fixed (https://issues.jboss.org/):

ENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6 ENTMQCL-1988 - AMQ Resource Adapter example project does not run ENTMQCL-2070 - [jms] Log successful reconnects more prominently

  1. Package List:

6Client-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el6_10amq.src.rpm qpid-proton-0.32.0-1.el6_10.src.rpm

i386: python-qpid-proton-0.32.0-1.el6_10.i686.rpm qpid-proton-c-0.32.0-1.el6_10.i686.rpm qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch: python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64: python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6ComputeNode-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el6_10amq.src.rpm qpid-proton-0.32.0-1.el6_10.src.rpm

noarch: python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64: python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6Server-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el6_10amq.src.rpm qpid-proton-0.32.0-1.el6_10.src.rpm

i386: python-qpid-proton-0.32.0-1.el6_10.i686.rpm qpid-proton-c-0.32.0-1.el6_10.i686.rpm qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch: python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64: python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6Workstation-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el6_10amq.src.rpm qpid-proton-0.32.0-1.el6_10.src.rpm

i386: python-qpid-proton-0.32.0-1.el6_10.i686.rpm qpid-proton-c-0.32.0-1.el6_10.i686.rpm qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch: python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64: python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

7Client-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el7amq.src.rpm qpid-proton-0.32.0-2.el7.src.rpm

noarch: python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64: python-qpid-proton-0.32.0-2.el7.x86_64.rpm qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm qpid-proton-c-0.32.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7ComputeNode-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el7amq.src.rpm qpid-proton-0.32.0-2.el7.src.rpm

noarch: python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64: python-qpid-proton-0.32.0-2.el7.x86_64.rpm qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm qpid-proton-c-0.32.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7Server-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el7amq.src.rpm qpid-proton-0.32.0-2.el7.src.rpm

noarch: python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64: python-qpid-proton-0.32.0-2.el7.x86_64.rpm qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm qpid-proton-c-0.32.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7Workstation-AMQ-Clients-2:

Source: qpid-cpp-1.36.0-31.el7amq.src.rpm qpid-proton-0.32.0-2.el7.src.rpm

noarch: python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64: python-qpid-proton-0.32.0-2.el7.x86_64.rpm qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm qpid-proton-c-0.32.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

8Base-AMQ-Clients-2:

Source: nodejs-rhea-1.0.24-1.el8.src.rpm qpid-proton-0.32.0-2.el8.src.rpm

noarch: nodejs-rhea-1.0.24-1.el8.noarch.rpm python-qpid-proton-docs-0.32.0-2.el8.noarch.rpm qpid-proton-c-docs-0.32.0-2.el8.noarch.rpm qpid-proton-cpp-docs-0.32.0-2.el8.noarch.rpm qpid-proton-tests-0.32.0-2.el8.noarch.rpm

x86_64: python3-qpid-proton-0.32.0-2.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm qpid-proton-c-0.32.0-2.el8.x86_64.rpm qpid-proton-c-debuginfo-0.32.0-2.el8.x86_64.rpm qpid-proton-c-devel-0.32.0-2.el8.x86_64.rpm qpid-proton-cpp-0.32.0-2.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.32.0-2.el8.x86_64.rpm qpid-proton-cpp-devel-0.32.0-2.el8.x86_64.rpm qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm qpid-proton-debugsource-0.32.0-2.el8.x86_64.rpm rubygem-qpid_proton-0.32.0-2.el8.x86_64.rpm rubygem-qpid_proton-debuginfo-0.32.0-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1785",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ucosminexus application server",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.1"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.0.15"
      },
      {
        "model": "retail sales audit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "communications session route manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.1"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.3"
      },
      {
        "model": "communications session route manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "communications evolved communications application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.1"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "financial services price creation and discovery",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.3"
      },
      {
        "model": "primavera unifier",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "financial services institutional performance analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "primavera unifier",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "retail merchandising system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "global lifecycle management opatch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0.1.20"
      },
      {
        "model": "autovue for agile product lifecycle management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.2"
      },
      {
        "model": "communications session report manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0"
      },
      {
        "model": "jackson-databind",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fasterxml",
        "version": "2.9.10.4"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.4.2"
      },
      {
        "model": "financial services retail customer analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "communications element manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.0.1"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12"
      },
      {
        "model": "communications session report manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "communications contacts server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.5.0"
      },
      {
        "model": "jd edwards enterpriseone orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.4.2"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.2"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "banking platform",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.4.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.4.0.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.0.2.25"
      },
      {
        "model": "communications instant messaging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.0.1.4.0"
      },
      {
        "model": "banking platform",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.9.0"
      },
      {
        "model": "banking digital experience",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.2"
      },
      {
        "model": "communications element manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "financial services institutional performance analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.3.6"
      },
      {
        "model": "financial services price creation and discovery",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.7"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "steelstore cloud integrated storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "communications calendar server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.4.0"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "webcenter portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "jackson-databind",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fasterxml",
        "version": "2.9.0"
      },
      {
        "model": "financial services institutional performance analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.7"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus application server-r",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jackson-databind",
        "scope": null,
        "trust": 0.8,
        "vendor": "fasterxml",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.9.10.4",
                "versionStartIncluding": "2.9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.0",
                "versionStartIncluding": "8.0.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.0.3",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.9.0",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.2.0.1.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2020-11113",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-11113",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-163659",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-11113",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-11113",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2020-11113",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-1735",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-163659",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-11113",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind contains an untrusted data deserialization vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. 
\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current 
threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1800573 - CVE-2020-1727 keycloak: missing input validation in IDP authorization URLs\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n5. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat Data Grid 7.3.7 security update\nAdvisory ID:       RHSA-2020:3779-01\nProduct:           Red Hat JBoss Data Grid\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:3779\nIssue date:        2020-09-17\nCVE Names:         CVE-2017-7658 CVE-2019-10172 CVE-2020-1695\n                   CVE-2020-1710 CVE-2020-1719 CVE-2020-1745\n                   CVE-2020-1748 CVE-2020-1757 CVE-2020-8840\n                   CVE-2020-9488 CVE-2020-9546 CVE-2020-9547\n                   CVE-2020-9548 CVE-2020-10672 CVE-2020-10673\n                   CVE-2020-10714 CVE-2020-10968 CVE-2020-10969\n                   CVE-2020-11111 CVE-2020-11112 CVE-2020-11113\n                   CVE-2020-11612 CVE-2020-11619 CVE-2020-11620\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. 
\n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop\n(CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n(CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped 
back after invoking another\nEJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer\nallocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP\nappender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7658\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1719\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9488\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/cve/CVE-2020-11612\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-11620\nhttps://access.redhat.com/security/updates/classif
ication/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\\xdata.grid\u0026downloadType=securityPatches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn\nNVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8\n5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A\nqaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm\nGisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn\naCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G\nDvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7\nMB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9\nPf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j\nwzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq\nP2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb\nPyKX8lLP6w8=n+2X\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Relevant releases/architectures:\n\n6Client-AMQ-Clients-2 - i386, noarch, x86_64\n6ComputeNode-AMQ-Clients-2 - noarch, x86_64\n6Server-AMQ-Clients-2 - i386, noarch, x86_64\n6Workstation-AMQ-Clients-2 - i386, noarch, x86_64\n7Client-AMQ-Clients-2 - noarch, x86_64\n7ComputeNode-AMQ-Clients-2 - noarch, x86_64\n7Server-AMQ-Clients-2 - noarch, x86_64\n7Workstation-AMQ-Clients-2 - noarch, x86_64\n8Base-AMQ-Clients-2 - noarch, x86_64\n\n3. Description:\n\nRed Hat AMQ Clients enable connecting, sending, and receiving messages over\nthe AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6\nENTMQCL-1988 - AMQ Resource Adapter example project does not run\nENTMQCL-2070 - [jms] Log successful reconnects more prominently\n\n7. Package List:\n\n6Client-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el6_10amq.src.rpm\nqpid-proton-0.32.0-1.el6_10.src.rpm\n\ni386:\npython-qpid-proton-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-tests-0.32.0-1.el6_10.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-1.el6_10.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-proton-c-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm\n\n6ComputeNode-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el6_10amq.src.rpm\nqpid-proton-0.32
.0-1.el6_10.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-tests-0.32.0-1.el6_10.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-1.el6_10.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-proton-c-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm\n\n6Server-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el6_10amq.src.rpm\nqpid-proton-0.32.0-1.el6_10.src.rpm\n\ni386:\npython-qpid-proton-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-tests-0.32.0-1.el6_10.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-1.el6_10.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-proton-c-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm\n\n6Workstation-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el6_10amq.src.rpm\nqpid-proton-0.32.0-1.el6_10.src.rpm\n\ni386:\npython-qpid-proton-0.32.0-1.el6_10.i686.rpm\nqpid-proton-
c-0.32.0-1.el6_10.i686.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.i686.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm\nqpid-proton-tests-0.32.0-1.el6_10.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-1.el6_10.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm\nqpid-proton-c-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm\n\n7Client-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el7amq.src.rpm\nqpid-proton-0.32.0-2.el7.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-2.el7.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-tests-0.32.0-2.el7.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-2.el7.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm\nqpid-proton-c-0.32.0-2.el7.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm\n\n7ComputeNode-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el7amq.src.rpm\nqpid-proton-0.32.0-2.el7.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-2.el7.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el7.noarch.rpm\nqpid-pro
ton-cpp-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-tests-0.32.0-2.el7.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-2.el7.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm\nqpid-proton-c-0.32.0-2.el7.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm\n\n7Server-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el7amq.src.rpm\nqpid-proton-0.32.0-2.el7.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-2.el7.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-tests-0.32.0-2.el7.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-2.el7.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm\nqpid-proton-c-0.32.0-2.el7.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm\n\n7Workstation-AMQ-Clients-2:\n\nSource:\nqpid-cpp-1.36.0-31.el7amq.src.rpm\nqpid-proton-0.32.0-2.el7.src.rpm\n\nnoarch:\npython-qpid-proton-docs-0.32.0-2.el7.noarch.rpm\nqpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm\nqpid-proton-tests-0.32.0-2.el7.noarch.rpm\n\nx86_64:\npython-qpid-proton-0.32.0-2.el7.x86_64.rpm\nqpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm\nqpid-proton-c-0.32.0-2.el7.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm\nqpid-pr
oton-cpp-0.32.0-2.el7.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm\n\n8Base-AMQ-Clients-2:\n\nSource:\nnodejs-rhea-1.0.24-1.el8.src.rpm\nqpid-proton-0.32.0-2.el8.src.rpm\n\nnoarch:\nnodejs-rhea-1.0.24-1.el8.noarch.rpm\npython-qpid-proton-docs-0.32.0-2.el8.noarch.rpm\nqpid-proton-c-docs-0.32.0-2.el8.noarch.rpm\nqpid-proton-cpp-docs-0.32.0-2.el8.noarch.rpm\nqpid-proton-tests-0.32.0-2.el8.noarch.rpm\n\nx86_64:\npython3-qpid-proton-0.32.0-2.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm\nqpid-proton-c-0.32.0-2.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.32.0-2.el8.x86_64.rpm\nqpid-proton-c-devel-0.32.0-2.el8.x86_64.rpm\nqpid-proton-cpp-0.32.0-2.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.32.0-2.el8.x86_64.rpm\nqpid-proton-cpp-devel-0.32.0-2.el8.x86_64.rpm\nqpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm\nqpid-proton-debugsource-0.32.0-2.el8.x86_64.rpm\nrubygem-qpid_proton-0.32.0-2.el8.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.32.0-2.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-11113",
        "trust": 4.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159208",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158651",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160601",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159271",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95897514",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157322",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1399",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1766",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2588",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4471",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3190",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1368",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1882",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2619",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3258",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060909",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48047",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "158650",
        "trust": 0.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-21476",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-163659",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157741",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158636",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "id": "VAR-202003-1785",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:12:28.156000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2021-109",
        "trust": 0.8,
        "url": "https://github.com/fasterxml/jackson-databind/issues/2670"
      },
      {
        "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115369"
      },
      {
        "title": "Red Hat: Moderate: AMQ Clients 2.8.0 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203817 - security advisory"
      },
      {
        "title": "Red Hat: Important: rh-maven35-jackson-databind security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory"
      },
      {
        "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
      },
      {
        "title": "CVE-2020-11113",
        "trust": 0.1,
        "url": "https://github.com/al1ex/cve-2020-11113 "
      },
      {
        "title": "Cubed",
        "trust": 0.1,
        "url": "https://github.com/yahoo/cubed "
      },
      {
        "title": "Java-Deserialization-CVEs",
        "trust": 0.1,
        "url": "https://github.com/palindromelabs/java-deserialization-cves "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/soosmile/poc "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000s/poc-in-github "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/poc-in-github "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/0xt11/cve-poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-502",
        "trust": 1.1
      },
      {
        "problemtype": "Deserialization of untrusted data (CWE-502) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
      },
      {
        "trust": 1.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/fasterxml/jackson-databind/issues/2670"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95897514/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-11113"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-11112"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-10968"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-11111"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-9547"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-10672"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-11619"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-10969"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-11620"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159271/red-hat-security-advisory-2020-3817-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6525182"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3258/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48047"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-openjpa-wasregistrymanagedruntime-serialization-gadgets-typing-32065"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6528214"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-9546"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-10673"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-9548"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-8840"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-20330"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-7238"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-17573"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20445"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-20444"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-10086"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14060"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9512"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-12406"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9514"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9515"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14061"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14062"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16869"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-12423"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-11612"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16335"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16943"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17531"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14540"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17267"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14893"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16942"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14888"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14892"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-1745"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:3817"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-13990"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1718"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9518"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0210"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12419"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0205"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12400"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14887"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1695"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-10172"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9488"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1757"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/502.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/al1ex/cve-2020-11113"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-109/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3875"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14832"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2067"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10219"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10199"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10201"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhba-2020:1414"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2333"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10688"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10174"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1732"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-7658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1748"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12086"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3831"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-11797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-12541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4970"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1953"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3192"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_amq"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14297"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "date": "2020-03-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "date": "2020-07-29T17:52:58",
        "db": "PACKETSTORM",
        "id": "158650"
      },
      {
        "date": "2020-05-18T16:42:53",
        "db": "PACKETSTORM",
        "id": "157741"
      },
      {
        "date": "2020-12-17T18:09:37",
        "db": "PACKETSTORM",
        "id": "160601"
      },
      {
        "date": "2020-05-28T16:22:46",
        "db": "PACKETSTORM",
        "id": "157859"
      },
      {
        "date": "2020-07-29T17:53:05",
        "db": "PACKETSTORM",
        "id": "158651"
      },
      {
        "date": "2020-09-17T14:07:40",
        "db": "PACKETSTORM",
        "id": "159208"
      },
      {
        "date": "2020-07-29T00:05:59",
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "date": "2020-09-23T14:57:38",
        "db": "PACKETSTORM",
        "id": "159271"
      },
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "date": "2020-03-31T05:15:13.117000",
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-163659"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-11113"
      },
      {
        "date": "2024-07-22T06:03:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      },
      {
        "date": "2022-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      },
      {
        "date": "2024-07-03T01:36:12.463000",
        "db": "NVD",
        "id": "CVE-2020-11113"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted data deserialization vulnerability in FasterXML jackson-databind",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003617"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1735"
      }
    ],
    "trust": 0.6
  }
}

var-201604-0434
Vulnerability from variot

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via a method: prefix, related to chained expressions. Apache Struts2 contains a vulnerability that allows execution of arbitrary code. Note that proof-of-concept code that uses this vulnerability has been released. The National Vulnerability Database (NVD) publishes this issue as CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection) http://cwe.mitre.org/data/definitions/77.html A remote attacker could execute arbitrary code on the server where the product is running. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server 
Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0434",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "2.3.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "2.2.3.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "2.3.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "2.3.14.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "2.2.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "2.3.1.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "2.3.14.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "2.3.14.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.2.1"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "oracle",
        "version": "10.8.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.16.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.10"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.11.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.20.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.1.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.16.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.20"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.1.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.15"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.28"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.24"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.1.5"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.13"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.11"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.15.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.15.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.15.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.1.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.16"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.1.8.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.1.6"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.3.16.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "2.0.1"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "12.0.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.12"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.11.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.3"
      },
      {
        "model": "siebel e-billing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.24.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.4.1"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.092"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.091"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.0101"
      },
      {
        "model": "jre update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.0115"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.092"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.8.091"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.7.0101"
      },
      {
        "model": "jdk update",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "oracle",
        "version": "1.6.0115"
      },
      {
        "model": "struts",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.3.20 to 2.3.28 (except struts 2.3.20.3 and struts 2.3.24.3)"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.5.0"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.6.0"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.7.0"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.8.0"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.0"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.0.0"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.2.0"
      },
      {
        "model": "siebel",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  siebel apps - e-billing 7.1"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.7"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.5"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.8"
      },
      {
        "model": "micros retail xbri loss prevention",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.6"
      },
      {
        "model": "infosphere metadata workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "oceanstor n8500 v200r001c09spc506",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor onebox v100r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "struts",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.20.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "agile controller-campus v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor v300r003c10spc100",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "18800v3"
      },
      {
        "model": "oceanstor v300r003c10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5600"
      },
      {
        "model": "oceanstor v100r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "oceanstor v300r003c10spc100",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "18500v3"
      },
      {
        "model": "infosphere information governance catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "oceanstor n8500 v200r001c91spc900",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2"
      },
      {
        "model": "anyoffice v200r006c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor v300r003c10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5300"
      },
      {
        "model": "oceanstor v300r003c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5300v3"
      },
      {
        "model": "oceanstor onebox v100r005c00",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor v300r003c10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5500"
      },
      {
        "model": "siebel apps e-billing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "-7.1"
      },
      {
        "model": "oceanstor v300r003c10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5800"
      },
      {
        "model": "oceanstor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5800v30"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "agile controller-campus v100r002c00spc107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.41"
      },
      {
        "model": "logcenter v100r001c20spc102",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor v300r003c10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5800v3"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "anyoffice emm v200r006c00spc101",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor v300r001c20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5300v3"
      },
      {
        "model": "oceanstor v300r003c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "18500v3"
      },
      {
        "model": "oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere information governance catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "oceanstor v300r005c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "infosphere metadata workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "firehunter6000 v100r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere metadata workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "oceanstor n8500 v200r001c91spc205",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "agile controller-campus v100r002c00spc106t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor n8500 v200r001c91spc902",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "oceanstor v300r003c10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "6800v3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1"
      },
      {
        "model": "oceanstor v300r003c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "18800"
      },
      {
        "model": "oceanstor n8500 v200r001c91spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "logcenter v100r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "struts",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.24.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.11"
      },
      {
        "model": "oceanstor v100r001c30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.2"
      },
      {
        "model": "oceanstor v300r002c10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5300v3"
      },
      {
        "model": "oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "anyoffice v200r005c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor n8500 v200r001c09spc505",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "firehunter6000 v100r001c20spc106t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.60"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.18.0"
      },
      {
        "model": "webcenter sites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.12"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.11"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.9"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.18"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "utilities work and asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.9.1.2.8"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.3.5"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.2.12"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.12.0.1.16"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.11.0.5.4"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.11.0.4.41"
      },
      {
        "model": "utilities network management system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.10.0.6.27"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.3.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.0.0.0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.3"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.2"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.7"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3.6"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "sun network qdr infiniband gateway switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "sun data center infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "362.2.2"
      },
      {
        "model": "sun blade ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "60001.2"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "solaris cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3"
      },
      {
        "model": "solaris cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "siebel applications ip2016",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications ip2015",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications ip2014",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5"
      },
      {
        "model": "siebel applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.4"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.3"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.2"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera contract management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.16.0"
      },
      {
        "model": "policy automation for mobile devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.6"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.5"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.4"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.3"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.2"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4"
      },
      {
        "model": "policy automation connector for siebel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.6"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.5"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.4"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.3"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.2"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.1"
      },
      {
        "model": "policy automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "peoplesoft enterprise fscm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise fscm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.2"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.1"
      },
      {
        "model": "outside in technology",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.5.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.29"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.28"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.27"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.26"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.48"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.47"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.46"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.45"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.42"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.41"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.40"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.44"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.43"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.36"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.35"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.7.12"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.30"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.5.49"
      },
      {
        "model": "jrockit r28.3.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.30"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.24.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.17.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0.0"
      },
      {
        "model": "jdeveloper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.6.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.6.1"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "insurance policy administration j2ee",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.0.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.2"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "in-memory policy analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "hyperion financial reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.4"
      },
      {
        "model": "http server 12c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0"
      },
      {
        "model": "http server 11g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.1"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.0"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.12"
      },
      {
        "model": "healthcare analytics data integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.0.0.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1.0"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.2.3"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.2.8.3"
      },
      {
        "model": "health sciences clinical development center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2.0"
      },
      {
        "model": "health sciences clinical development center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.1.0"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "glassfish server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.23.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.22.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.18.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.17.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.10"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.9"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.8"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.7"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.6"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.5"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.4"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "fusion applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-4s server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-4 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2271"
      },
      {
        "model": "fujitsu m10-1 server xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2230"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.1"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.3"
      },
      {
        "model": "flexcube direct banking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.2"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "enterprise manager for fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9"
      },
      {
        "model": "enterprise manager for fusion middleware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "13.1.0.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.5"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.3"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.2"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.4"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3"
      },
      {
        "model": "documaker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "directory server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "directory server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7"
      },
      {
        "model": "demand planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "demand planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.12"
      },
      {
        "model": "database 12c release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "112.11"
      },
      {
        "model": "database 11g release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "211.2.0.4"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications unified session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.0"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9"
      },
      {
        "model": "communications operations monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.530.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.529.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.5.33.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0.5"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "communications messaging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "communications eagle application processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3.5"
      },
      {
        "model": "communications core session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2.5"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.3"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.2.1.0.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "business intelligence enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.2.1.0.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.5.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.4.1"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.4.0"
      },
      {
        "model": "banking platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.3"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.1.00.10"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.3"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.1.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.3.00.08"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.0.00.27"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.2"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.1"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "application express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.5"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.3.5"
      },
      {
        "model": "agile plm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.3.4"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.0.0"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1.3.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.43"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4.2"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.4"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.2.0.0"
      },
      {
        "model": "access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "websphere application server liberty pr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5.0-"
      },
      {
        "model": "websphere application server full profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "websphere application server liberty profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "websphere application server full profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.8"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.1"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "87327"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:siebel_e-billing:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3081"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nike Zheng nike.zheng@dbappsecurity.com.cn",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-3081",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-3081",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-3081",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-3081",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-585",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-3081",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Apache Struts2 contains a vulnerability that allows execution of arbitrary code. Note that proof-of-concept code that uses this vulnerability has been released. In the National Vulnerability Database (NVD), it is published as CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection) http://cwe.mitre.org/data/definitions/77.html A remote attacker could execute arbitrary code on the server where the product is running. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "db": "BID",
        "id": "87327"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3081"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39756",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3081"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3081",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "87327",
        "trust": 1.9
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39756",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1035665",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "136856",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVNVU91375252",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-585",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-3081",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3081"
      },
      {
        "db": "BID",
        "id": "87327"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ]
  },
  "id": "VAR-201604-0434",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.60104165
  },
  "last_update_date": "2023-12-18T11:13:12.119000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "S2-032: Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.",
        "trust": 0.8,
        "url": "http://struts.apache.org/docs/s2-032.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "Apache Struts 2 Fixes for arbitrary code execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61268"
      },
      {
        "title": "Red Hat: CVE-2016-3081",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-3081"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2016-3081 Apache Struts 2 security vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=11425734a2681a4f1da0e4a7a8f3837d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "PyEXP",
        "trust": 0.1,
        "url": "https://github.com/jooeji/pyexp "
      },
      {
        "title": "S02-32-POC",
        "trust": 0.1,
        "url": "https://github.com/killerhack/s02-32-poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3081"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.9,
        "url": "https://struts.apache.org/docs/s2-032.html"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/136856/apache-struts-2.3.28-dynamic-method-invocation-remote-code-execution.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/87327"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1035665"
      },
      {
        "trust": 1.6,
        "url": "https://www.exploit-db.com/exploits/39756/"
      },
      {
        "trust": 1.0,
        "url": "http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec"
      },
      {
        "trust": 1.0,
        "url": "http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3081"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20160427-struts.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2016/at160020.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu91375252"
      },
      {
        "trust": 0.8,
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3081"
      },
      {
        "trust": 0.8,
        "url": "http://seclab.dbappsecurity.com.cn/?p=924"
      },
      {
        "trust": 0.6,
        "url": "http/struts_dmi_exec"
      },
      {
        "trust": 0.6,
        "url": "http://www.rapid7.com/db/modules/exploit/multi/"
      },
      {
        "trust": 0.6,
        "url": "http://www.rapid7.com/db/modules/exploit/linux/"
      },
      {
        "trust": 0.3,
        "url": "http://struts.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20160427-01-struts2-en"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "87327"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-3081"
      },
      {
        "db": "BID",
        "id": "87327"
      },
      {
        "db": "BID",
        "id": "91787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3081"
      },
      {
        "date": "2016-04-22T00:00:00",
        "db": "BID",
        "id": "87327"
      },
      {
        "date": "2016-07-15T00:00:00",
        "db": "BID",
        "id": "91787"
      },
      {
        "date": "2016-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "date": "2016-04-26T14:59:02.207000",
        "db": "NVD",
        "id": "CVE-2016-3081"
      },
      {
        "date": "2016-04-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-3081"
      },
      {
        "date": "2016-10-26T01:16:00",
        "db": "BID",
        "id": "87327"
      },
      {
        "date": "2018-10-15T09:00:00",
        "db": "BID",
        "id": "91787"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      },
      {
        "date": "2019-08-12T21:15:13.157000",
        "db": "NVD",
        "id": "CVE-2016-3081"
      },
      {
        "date": "2019-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-585"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "87327"
      },
      {
        "db": "BID",
        "id": "91787"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Struts2 Arbitrary code execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002326"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "87327"
      },
      {
        "db": "BID",
        "id": "91787"
      }
    ],
    "trust": 0.6
  }
}

var-202003-1784
Vulnerability from variot

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML Jackson is a data-processing library for Java developed by the American company FasterXML; jackson-databind is its data-binding component. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system. Because the flaw lies in how typing interacts with a gadget class, exposure generally depends on the application deserializing untrusted JSON with polymorphic type handling enabled and on the named class being present on its classpath; the affected-version range indicates that 2.9.10.4 and later contain the fix. Description:

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Satellite 6.8 release
Advisory ID: RHSA-2020:4366-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366
Issue date: 2020-10-27
CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380
====================================================================

1. Summary:

An update is now available for Red Hat Satellite 6.8 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Satellite 6.7 - noarch, x86_64
Red Hat Satellite Capsule 6.8 - noarch, x86_64

  3. Description:

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

  • mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
  • netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
  • rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
  • puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
  • jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
  • foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
  • Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
  • Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
  • rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
  • rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
  • rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
  • rubygem-actionview: views that use the j or escape_javascript methods are susceptible to XSS attacks (CVE-2020-5267)
  • puppet: Arbitrary catalog retrieval (CVE-2020-7942)
  • rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
  • rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
  • hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
  • puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

  • Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment.

  • Adds ability to install Satellite and Capsules and manage hosts in an IPv6 network environment

  • Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution.

  • Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet

  • Support for HTTP UEFI provisioning

  • Support for CAC card authentication with Keycloak integration

  • Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling.

  • Support for Red Hat Enterprise Linux Traces integration

  • satellite-maintain & foreman-maintain are now self updating

  • Notifications in the UI to warn users when subscriptions are expiring.

The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

  4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo 
to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if 
kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined methodsplit' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method []' for nil:NilClass 1771367 - undefined methodrequest_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!" 
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method []' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Removeuse_puppet_defaultapi params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. 
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined methodmap' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. 
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue. 
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method `tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error). 
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method `implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade. 
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. 
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method `default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in 
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)</p> </li> <li> <p>dom4j (CVE-2018-1000632)</p> </li> <li> <p>elasticsearch (CVE-2018-3831)</p> </li> <li> <p>pdfbox (CVE-2018-11797)</p> </li> <li> <p>vertx (CVE-2018-12541)</p> </li> <li> <p>spring-data-jpa (CVE-2019-3797)</p> </li> <li> <p>mina-core (CVE-2019-0231)</p> </li> <li> <p>jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)</p> </li> <li> <p>jackson-mapper-asl (CVE-2019-10172)</p> </li> <li> <p>hawtio (CVE-2019-9827)</p> </li> <li> <p>undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)</p> </li> <li> <p>santuario (CVE-2019-12400)</p> </li> <li> <p>apache-commons-beanutils (CVE-2019-10086)</p> </li> <li> <p>cxf (CVE-2019-17573)</p> </li> <li> <p>apache-commons-configuration (CVE-2020-1953)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>cxf: reflected XSS in the services listing page (CVE-2019-17573)</p> </li> <li> <p>cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)</p> </li> <li> <p>jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)</p> </li> <li> <p>cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)</p> </li> <li> <p>smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)</p> </li> <li> <p>jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)</p> </li> <li> <p>undertow: invalid HTTP request with large chunk size (CVE-2020-10719)</p> </li> <li> <p>jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)</p> </li> <li> <p>jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)</p> </li> <li> <p>jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)</p> </li> <li> <p>undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)</p> </li> <li> <p>libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li>
<li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)</p> </li> <li> <p>jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - <a href="7.3.z">GSS</a> Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - <a href="7.3.z">GSS</a> Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - <a href="7.3.z">GSS</a> Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - <a href="7.3.z">GSS</a> Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - <a href="7.3.z">GSS</a> Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - <a href="7.3.z">GSS</a> Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - <a href="7.3.z">GSS</a> Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - <a href="7.3.z">GSS</a> Upgrade 
Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - <a href="7.3.z">GSS</a> Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - <a href="7.3.z">GSS</a> Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18399 - Tracker bug for the EAP 7.3.1 release for RHEL-8 JBEAP-18409 - <a href="7.3.z">GSS</a> Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - <a href="7.3.z">GSS</a> Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - <a href="7.3.z">GSS</a> Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - <a href="7.3.z">GSS</a> Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 
JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - <a href="7.3.z">GSS</a> Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - <a href="7.3.z">GSS</a> Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final</p> <p>7</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1784" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202003-1784"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1784">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": 
"https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1784", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": 
"oracle", "version": "20.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.7.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "retail service backbone", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.6" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": 
"oracle", "version": "9.3.6" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "retail xstore point of service", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9546" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { 
"@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.6", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.7", "versionStartIncluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", 
"versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9546" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" } ], "trust": 1.5 }, "cve": "CVE-2020-9546", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ 
{ "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-187671", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-9546", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9546", "trust": 1.0, "value": "CRITICAL" }, 
{ "author": "CNNVD", "id": "CNNVD-202003-042", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-187671", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-9546", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "CNNVD", "id": "CNNVD-202003-042" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is its data-binding component. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system. Exposure depends on the application deserializing untrusted JSON with polymorphic typing enabled and on the named gadget class being on its classpath. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. You must be logged in to download the update. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. 
\n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to 
the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. 
\n\nSecurity Fix(es):\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate\nthe clientId (CVE-2019-12423)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* smallrye-config: SmallRye: SecuritySupport class is incorrectly public\nand contains a static method to access the current threads context class\nloader (CVE-2020-1729)\n\n* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected\nXSS attack (CVE-2020-10688)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* libthrift: thrift: Endless loop when feed with specific input data\n(CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the 
con\nparameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* jsf-impl: mojarra: Path traversal in\nResourceManager.java:getLocalePrefix() via the loc parameter\n(CVE-2018-14371)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain 
xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final\nJBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001\nJBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001\nJBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012\nJBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core\nJBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core\nJBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final\nJBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001\nJBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3\nJBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10\nJBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20\nJBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010\nJBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002\nJBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001\nJBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3\nJBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16\nJBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http\nJBEAP-18399 - Tracker bug for the EAP 7.3.1 release for RHEL-8\nJBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 
9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001\nJBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final\nJBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001\nJBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0\nJBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002\nJBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001\nJBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001\nJBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final\nJBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001\nJBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001\nJBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001\nJBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001\nJBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006\nJBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2\nJBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002\nJBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0\nJBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2\nJBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3\nJBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3\nJBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4\nJBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final\nJBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001\nJBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002\nJBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1\nJBEAP-19054 - Upgrade MP REST Client to 
1.4.0.redhat-00004\nJBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001\nJBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001\nJBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001\nJBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001\nJBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001\nJBEAP-19192 - (7.3.z) Update the Japanese translations\nJBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001\nJBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001\nJBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2020-9546" }, { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9546", "trust": 2.7 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202003-042", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158282", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.3558", "trust": 0.6 }, { "db": "AUSCERT", 
"id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2287", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1440", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0828", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2050", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2042", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158048", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48008", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-16493", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-187671", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-9546", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158047", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "id": "VAR-202003-1784", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-187671" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:53:51.536000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111243" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202813 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202515 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202513 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202512 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202511 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "IBM: Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=88553214b693594d88e3b37f8bb2c078" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 
2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6" }, { "title": "Cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/cgcl-codes/phunter " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/anonymous-phunter/phunter " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": 
"https://github.com/palindromelabs/java-deserialization-cves " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/lnick2023/nicenice " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/qazbnm456/awesome-cve-poc " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "CNNVD", "id": "CNNVD-202003-042" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2631" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.1, 
"url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.9, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.6, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48008" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-9548-cve-2020-9546-cve-2020-9547-cve-2020-8840-cve-2019-20330/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2287/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-hikari-config-31736" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3558/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2050/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0828/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2042/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1440/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 
0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.4, "url": "https://issues.jboss.org/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:2813" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 
0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10719" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/yahoo/cubed" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3637" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1694" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1694" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7226" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7226" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14371" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3638" } ], "sources": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-187671" }, { "db": "VULMON", "id": "CVE-2020-9546" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" }, { "db": "NVD", "id": "CVE-2020-9546" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, 
"data": [ { "date": "2020-03-02T00:00:00", "db": "VULHUB", "id": "VHN-187671" }, { "date": "2020-03-02T00:00:00", "db": "VULMON", "id": "CVE-2020-9546" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-09-07T16:38:23", "db": "PACKETSTORM", "id": "159081" }, { "date": "2020-07-02T15:43:25", "db": "PACKETSTORM", "id": "158282" }, { "date": "2020-09-07T16:37:51", "db": "PACKETSTORM", "id": "159080" }, { "date": "2020-06-11T16:36:11", "db": "PACKETSTORM", "id": "158047" }, { "date": "2020-09-07T16:39:28", "db": "PACKETSTORM", "id": "159082" }, { "date": "2020-03-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-042" }, { "date": "2020-03-02T04:15:10.843000", "db": "NVD", "id": "CVE-2020-9546" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-02T00:00:00", "db": "VULHUB", "id": "VHN-187671" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-9546" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-042" }, { "date": "2023-11-07T03:26:58.593000", "db": "NVD", "id": "CVE-2020-9546" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-042" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-042" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-042" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202103-1463">var-202103-1463</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. 
In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the OpenSSL team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow a malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. 
See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:</p> <p>https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/</p> <p>Security:</p> <ul> <li> <p>fastify-reply-from: crafted URL allows prefix escape of the proxied backend service (CVE-2021-21321)</p> </li> <li> <p>fastify-http-proxy: crafted URL allows prefix escape of the proxied backend service (CVE-2021-21322)</p> </li> <li> <p>nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)</p> </li> <li> <p>redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)</p> </li> <li> <p>redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)</p> </li> <li> <p>nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)</p> </li> <li> <p>nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)</p> </li> <li> <p>golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)</p> </li> <li> <p>golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)</p> </li> <li> <p>nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)</p> </li> <li> <p>oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)</p> </li> <li> <p>redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)</p> </li> <li> <p>nodejs-lodash: command injection via template (CVE-2021-23337)</p> </li> <li> <p>nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)</p> </li> <li> <p>browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)</p> </li> <li> <p>nodejs-postcss: Regular expression denial of service during source map 
parsing (CVE-2021-23368)</p> </li> <li> <p>nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)</p> </li> <li> <p>nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)</p> </li> <li> <p>nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)</p> </li> <li> <p>openssl: integer overflow in CipherUpdate (CVE-2021-23840)</p> </li> <li> <p>openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)</p> </li> <li> <p>nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)</p> </li> <li> <p>grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)</p> </li> <li> <p>nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)</p> </li> <li> <p>nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)</p> </li> <li> <p>ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)</p> </li> <li> <p>normalize-url: ReDoS for data URLs (CVE-2021-33502)</p> </li> <li> <p>nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)</p> </li> <li> <p>nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)</p> </li> <li> <p>html-parse-stringify: Regular Expression DoS (CVE-2021-23346)</p> </li> <li> <p>openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)</p> </li> </ul> <p>For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. 
</p> <p>Bugs:</p> <ul> <li> <p>RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)</p> </li> <li> <p>cluster became offline after apiserver health check (BZ# 1942589)</p> </li> <li> <p>Bugs fixed (https://bugzilla.redhat.com/):</p> </li> </ul> <p>1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver 
health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters</p> <ol> <li></li> </ol> <p>Bug fix:</p> <ul> <li> <p>RHACM 2.0.10 images (BZ #1940452)</p> </li> <li> <p>Bugs fixed (https://bugzilla.redhat.com/):</p> </li> </ul> <p>1940452 - RHACM 2.0.10 
images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 
CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. </p> <p>Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <p>This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release:</p> <p>https://access.redhat.com/errata/RHSA-2022:0055</p> <p>Space precludes documenting all of the container images in this advisory. 
See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:</p> <p>https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html</p> <p>Security Fix(es):</p> <ul> <li>gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)</li> <li>grafana: Snapshot authentication bypass (CVE-2021-39226)</li> <li>golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)</li> <li>nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)</li> <li>golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)</li> <li>grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)</li> <li>grafana: directory traversal vulnerability (CVE-2021-43813)</li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>You may download the oc tool and use it to inspect release image metadata as follows:</p> <p>(For x86_64 architecture)</p> <p>$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64</p> <p>The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56</p> <p>(For s390x architecture)</p> <p>$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x</p> <p>The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69</p> <p>(For ppc64le architecture)</p> <p>$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le</p> <p>The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c</p> <p>All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. 
To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html</p> <ol> <li>Solution:</li> </ol> <p>For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1808240 - Always return metrics value for pods under the user's namespace 1815189 - feature flagged UI does not always become available after operator installation 1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters 1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly 1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal 1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered 1878925 - 'oc adm upgrade --to ...' 
rejects versions which occur only in history, while the cluster-version operator supports history fallback 1880738 - origin e2e test deletes original worker 1882983 - oVirt csi driver should refuse to provision RWX and ROX PV 1886450 - Keepalived router id check not documented for RHV/VMware IPI 1889488 - The metrics endpoint for the Scheduler is not protected by RBAC 1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom 1896474 - Path based routing is broken for some combinations 1897431 - CIDR support for additional network attachment with the bridge CNI plug-in 1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes 1907433 - Excessive logging in image operator 1909906 - The router fails with PANIC error when stats port already in use 1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words 1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. 1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true) 1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource 1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1926522 - oc adm catalog does not clean temporary files 1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. 
1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown 1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users 1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x 1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade 1937085 - RHV UPI inventory playbook missing guarantee_memory 1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion 1938236 - vsphere-problem-detector does not support overriding log levels via storage CR 1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods 1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer 1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s] 1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays. 
1943363 - [ovn] CNO should gracefully terminate ovn-northd 1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17 1948080 - authentication should not set Available=False APIServices_Error with 503s 1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set 1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0 1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer 1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs 1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container 1955300 - Machine config operator reports unavailable for 23m during upgrade 1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set 1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set 1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters 1956496 - Needs SR-IOV Docs Upstream 1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret 1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid 1956964 - upload a boot-source to OpenShift virtualization using the console 1957547 - [RFE]VM name is not auto filled in dev console 1958349 - ovn-controller doesn't release the memory after cluster-density run 1959352 - [scale] failed to get pod annotation: timed out waiting for annotations 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial] 1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects 1961391 - String updates 1961509 - DHCP daemon pod should have CPU and memory 
requests set but not limits 1962066 - Edit machine/machineset specs not working 1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1963053 - <code>oc whoami --show-console</code> should show the web console URL, not the server api URL 1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1964327 - Support containers with name:tag@digest 1964789 - Send keys and disconnect does not work for VNC console 1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7 1966445 - Unmasking a service doesn't work if it masked using MCO 1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead 1966521 - kube-proxy's userspace implementation consumes excessive CPU 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up 1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount 1970218 - MCO writes incorrect file contents if compression field is specified 1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel] 1970805 - Cannot create build when docker image url contains dir structure 1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io 1972827 - image registry does not remain available during upgrade 1972962 - Should set the minimum value for the <code>--max-icsp-size</code> flag of <code>oc adm catalog mirror</code> 1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run 1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established 1976301 - [ci] e2e-azure-upi is permafailing 1976399 
- During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. 1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform 1976894 - Unidling a StatefulSet does not work as expected 1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases 1977414 - Build Config timed out waiting for condition 400: Bad Request 1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus 1978528 - systemd-coredump started and failed intermittently for unknown reasons 1978581 - machine-config-operator: remove runlevel from mco namespace 1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable 1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9 1979966 - OCP builds always fail when run on RHEL7 nodes 1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading 1981549 - Machine-config daemon does not recover from broken Proxy configuration 1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel] 1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues 1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page 1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands 1982662 - Workloads - DaemonSets - Add storage: i18n misses 1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "<em>/secrets/encryption-config" on single node clusters 1983758 - upgrades are failing on disruptive tests 1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma" 1984592 - global pull secret not working in OCP4.7.4+ for additional private registries 
1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs 1985486 - Cluster Proxy not used during installation on OSP with Kuryr 1985724 - VM Details Page missing translations 1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted 1985933 - Downstream image registry recommendation 1985965 - oVirt CSI driver does not report volume stats 1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding" 1986237 - "MachineNotYetDeleted" in Pending state , alert not fired 1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid" 1986302 - console continues to fetch prometheus alert and silences for normal user 1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI 1986338 - error creating list of resources in Import YAML 1986502 - yaml multi file dnd duplicates previous dragged files 1986819 - fix string typos for hot-plug disks 1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure 1987136 - Declare operatorframework.io/arch.</em> labels for all operators 1987257 - Go-http-client user-agent being used for oc adm mirror requests 1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold 1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP 1988406 - SSH key dropped when selecting "Customize virtual machine" in UI 1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade 1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server" 1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller 
jobs 1989438 - expected replicas is wrong 1989502 - Developer Catalog is disappearing after short time 1989843 - 'More' and 'Show Less' functions are not translated on several page 1990014 - oc debug <pod-name> does not work for Windows pods 1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created 1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page 1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar 1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI 1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-<em> symlinks 1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var 1990625 - Ironic agent registers with SLAAC address with privacy-stable 1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time 1991067 - github.com can not be resolved inside pods where cluster is running on openstack. 
1991573 - Enable typescript strictNullCheck on network-policies files 1991641 - Baremetal Cluster Operator still Available After Delete Provisioning 1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator 1991819 - Misspelled word "ocurred" in oc inspect cmd 1991942 - Alignment and spacing fixes 1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked 1992453 - The configMap failed to save on VM environment tab 1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab 1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab 1992509 - Could not customize boot source due to source PVC not found 1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1992580 - storageProfile should stay with the same value by check/uncheck the apply button 1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply 1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios 1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed) 1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing 1994094 - Some hardcodes are detected at the code level in OpenShift console components 1994142 - Missing required cloud config fields for IBM Cloud 1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools 1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart 1995335 - [SCALE] ovnkube CNI: remove ovs flows check 1995493 - Add Secret to workload button and Actions button are not aligned on secret details page 1995531 - Create RDO-based Ironic image to be promoted to OKD 1995545 - Project drop-down 
amalgamates inside main screen while creating storage system for odf-operator 1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 1995924 - CMO should report <code>Upgradeable: false</code> when HA workload is incorrectly spread 1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole 1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN 1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down 1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page 1996647 - Provide more useful degraded message in auth operator on DNS errors 1996736 - Large number of 501 lr-policies in INCI2 env 1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes 1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP 1996928 - Enable default operator indexes on ARM 1997028 - prometheus-operator update removes env var support for thanos-sidecar 1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used 1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. 
1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI 1997269 - Have to refresh console to install kube-descheduler 1997478 - Storage operator is not available after reboot cluster instances 1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 1997967 - storageClass is not reserved from default wizard to customize wizard 1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order 1998038 - [e2e][automation] add tests for UI for VM disk hot-plug 1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus 1998174 - Create storageclass gp3-csi after install ocp cluster on aws 1998183 - "r: Bad Gateway" info is improper 1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected 1998377 - Filesystem table head is not full displayed in disk tab 1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory 1998519 - Add fstype when create localvolumeset instance on web console 1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses 1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page 1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable 1999091 - Console update toast notification can appear multiple times 1999133 - removing and recreating static pod manifest leaves pod in error state 1999246 - .indexignore is not ingore when oc command load dc configuration 1999250 - ArgoCD in GitOps operator can't manage namespaces 1999255 - ovnkube-node always crashes out the first time it starts 1999261 - ovnkube-node log spam (and security token leak?) 
1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page 1999314 - console-operator is slow to mark Degraded as False once console starts working 1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck) 1999556 - "master" pool should be updated before the CVO reports available at the new version occurred 1999578 - AWS EFS CSI tests are constantly failing 1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages 1999619 - cloudinit is malformatted if a user sets a password during VM creation flow 1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow 1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined 1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub) 1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource 1999771 - revert "force cert rotation every couple days for development" in 4.10 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. 
1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions 1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form 1999983 - No way to clear upload error from template boot source 2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter 2000096 - Git URL is not re-validated on edit build-config form reload 2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig 2000236 - Confusing usage message from dynkeepalived CLI 2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported 2000430 - bump cluster-api-provider-ovirt version in installer 2000450 - 4.10: Enable static PV multi-az test 2000490 - All critical alerts shipped by CMO should have links to a runbook 2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded) 2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster 2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled 2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console 2000754 - IPerf2 tests should be lower 2000846 - Structure logs in the entire codebase of Local Storage Operator 2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24 2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2000938 - CVO does not respect changes to a Deployment strategy 2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy 2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone 2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole 2001295 - Remove 
openshift:kubevirt-machine-controllers declaration from machine-api 2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error 2001337 - Details Card in ODF Dashboard mentions OCS 2001339 - fix text content hotplug 2001413 - [e2e][automation] add/delete nic and disk to template 2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log 2001442 - Empty termination.log file for the kube-apiserver has too permissive mode 2001479 - IBM Cloud DNS unable to create/update records 2001566 - Enable alerts for prometheus operator in UWM 2001575 - Clicking on the perspective switcher shows a white page with loader 2001577 - Quick search placeholder is not displayed properly when the search string is removed 2001578 - [e2e][automation] add tests for vm dashboard tab 2001605 - PVs remain in Released state for a long time after the claim is deleted 2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options 2001620 - Cluster becomes degraded if it can't talk to Manila 2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF 2001761 - Unable to apply cluster operator storage for SNO on GCP platform. 
2001765 - Some error message in the log of diskmaker-manager caused confusion 2001784 - show loading page before final results instead of showing a transient message No log files exist 2001804 - Reload feature on Environment section in Build Config form does not work properly 2001810 - cluster admin unable to view BuildConfigs in all namespaces 2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well 2001823 - OCM controller must update operator status 2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start 2001835 - Could not select image tag version when create app from dev console 2001855 - Add capacity is disabled for ocs-storagecluster 2001856 - Repeating event: MissingVersion no image found for operand pod 2001959 - Side nav list borders don't extend to edges of container 2002007 - Layout issue on "Something went wrong" page 2002010 - ovn-kube may never attempt to retry a pod creation 2002012 - Cannot change volume mode when cloning a VM from a template 2002027 - Two instances of Dotnet helm chart show as one in topology 2002075 - opm render does not automatically pulling in the image(s) used in the deployments 2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster 2002125 - Network policy details page heading should be updated to Network Policy details 2002133 - [e2e][automation] add support/virtualization and improve deleteResource 2002134 - [e2e][automation] add test to verify vm details tab 2002215 - Multipath day1 not working on s390x 2002238 - Image stream tag is not persisted when switching from yaml to form editor 2002262 - [vSphere] Incorrect user agent in vCenter sessions list 2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector 2002276 - OLM fails to upgrade operators immediately 2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods 2002354 - 
Missing DU configuration "Done" status reporting during ZTP flow 2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs 2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation 2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN 2002397 - Resources search is inconsistent 2002434 - CRI-O leaks some children PIDs 2002443 - Getting undefined error on create local volume set page 2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy 2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods. 2002559 - User preference for topology list view does not follow when a new namespace is created 2002567 - Upstream SR-IOV worker doc has broken links 2002588 - Change text to be sentence case to align with PF 2002657 - ovn-kube egress IP monitoring is using a random port over the node network 2002713 - CNO: OVN logs should have millisecond resolution 2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event 2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite 2002763 - Two storage systems getting created with external mode RHCS 2002808 - KCM does not use web identity credentials 2002834 - Cluster-version operator does not remove unrecognized volume mounts 2002896 - Incorrect result return when user filter data by name on search page 2002950 - Why spec.containers.command is not created with "oc create deploymentconfig <dc-name> --image=<image> -- <command>" 2003096 - [e2e][automation] check bootsource URL is displaying on review step 2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role 
2003120 - CI: Uncaught error with ResizeObserver on operand details page 2003145 - Duplicate operand tab titles causes "two children with the same key" warning 2003164 - OLM, fatal error: concurrent map writes 2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form 2003193 - Kubelet/crio leaks netns and veth ports in the host 2003195 - OVN CNI should ensure host veths are removed 2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images 2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI 2003244 - Revert libovsdb client code 2003251 - Patternfly components with list element has list item bullet when they should not. 2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI 2003269 - Rejected pods should be filtered from admission regression 2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release 2003426 - [e2e][automation] add test for vm details bootorder 2003496 - [e2e][automation] add test for vm resources requirment settings 2003641 - All metal ipi jobs are failing in 4.10 2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state 2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node 2003683 - Samples operator is panicking in CI 2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page 2003715 - Error on creating local volume set after selection of the volume mode 2003743 - Remove workaround keeping /boot RW for kdump 
support 2003775 - etcd pod on CrashLoopBackOff after master replacement procedure 2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver 2003792 - Monitoring metrics query graph flyover panel is useless 2003808 - Add Sprint 207 translations 2003845 - Project admin cannot access image vulnerabilities view 2003859 - sdn emits events with garbage messages 2003896 - (release-4.10) ApiRequestCounts conditional gatherer 2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas 2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes 2004059 - [e2e][automation] fix current tests for downstream 2004060 - Trying to use basic spring boot sample causes crash on Firefox 2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection 2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently 2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver 2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory 2004449 - Boot option recovery menu prevents image boot 2004451 - The backup filename displayed in the RecentBackup message is incorrect 2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts 2004508 - TuneD issues with the recent ConfigParser changes. 
2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions 2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs 2004578 - Monitoring and node labels missing for an external storage platform 2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days 2004596 - [4.10] Bootimage bump tracker 2004597 - Duplicate ramdisk log containers running 2004600 - Duplicate ramdisk log containers running 2004609 - output of "crictl inspectp" is not complete 2004625 - BMC credentials could be logged if they change 2004632 - When LE takes a large amount of time, multiple whereabouts are seen 2004721 - ptp/worker custom threshold doesn't change ptp events threshold 2004736 - [knative] Create button on new Broker form is inactive despite form being filled 2004796 - [e2e][automation] add test for vm scheduling policy 2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque 2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card 2004901 - [e2e][automation] improve kubevirt devconsole tests 2004962 - Console frontend job consuming too much CPU in CI 2005014 - state of ODF StorageSystem is misreported during installation or uninstallation 2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines 2005179 - pods status filter is not taking effect 2005182 - sync list of deprecated apis about to be removed 2005282 - Storage cluster name is given as title in StorageSystem details page 2005355 - setuptools 58 makes Kuryr CI fail 2005407 - ClusterNotUpgradeable Alert should be set to Severity Info 2005415 - PTP operator with sidecar api configured throws bind: address already in use 2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console 2005554 - The switch status of the button "Show default project" is not revealed correctly in code 2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator 
pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable 2005761 - QE - Implementing crw-basic feature file 2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow 2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty 2005854 - SSH NodePort service is created for each VM 2005901 - KS, KCM and KA going Degraded during master nodes upgrade 2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user 2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics 2005971 - Change telemeter to report the Application Services product usage metrics 2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files 2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased 2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types 2006101 - Power off fails for drivers that don't support Soft power off 2006243 - Metal IPI upgrade jobs are running out of disk space 2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address 2006308 - Backing Store YAML tab on click displays a blank screen on UI 2006325 - Multicast is broken across nodes 2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators 2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource 2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception" 2006714 - add retry for etcd errors in 
kube-apiserver 2006767 - KubePodCrashLooping may not fire 2006803 - Set CoreDNS cache entries for forwarded zones 2006861 - Add Sprint 207 part 2 translations 2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap 2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors 2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded 2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick 2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails 2007271 - CI Integration for Knative test cases 2007289 - kubevirt tests are failing in CI 2007322 - Devfile/Dockerfile import does not work for unsupported git host 2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. 2007379 - Events are not generated for master offset for ordinary clock 2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace 2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address 2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error 2007522 - No new local-storage-operator-metadata-container is build for 4.10 2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10 2007580 - Azure cilium installs are failing e2e tests 2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10 2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes 2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures 2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow 2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates 2007802 - AWS machine actuator get stuck if machine is 
completely missing 2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator 2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process 2008151 - Topology breaks on clicking in empty state 2008185 - Console operator go.mod should use go 1.16.version 2008201 - openstack-az job is failing on haproxy idle test 2008207 - vsphere CSI driver doesn't set resource limits 2008223 - gather_audit_logs: fix oc command line to get the current audit profile 2008235 - The Save button in the Edit DC form remains disabled 2008256 - Update Internationalization README with scope info 2008321 - Add correct documentation link for MON_DISK_LOW 2008462 - Disable PodSecurity feature gate for 4.10 2008490 - Backing store details page does not contain all the kebab actions. 2008521 - gcp-hostname service should correct invalid search entries in resolv.conf 2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount 2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror 2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers 2008599 - Azure Stack UPI does not have Internal Load Balancer 2008612 - Plugin asset proxy does not pass through browser cache headers 2008712 - VPA webhook timeout prevents all pods from starting 2008733 - kube-scheduler: exposed /debug/pprof port 2008911 - Prometheus repeatedly scaling prometheus-operator replica set 2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12 2009055 - Instances of OCS to be replaced with ODF on UI 2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs 2009083 - opm blocks pruning of existing bundles during add 2009111 - [IPI-on-GCP] 'Install a cluster with nested 
virtualization enabled' failed due to unable to launch compute instances 2009131 - [e2e][automation] add more test about vmi 2009148 - [e2e][automation] test vm nic presets and options 2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator 2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family 2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted 2009384 - UI changes to support BindableKinds CRD changes 2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped 2009424 - Deployment upgrade is failing availability check 2009454 - Change web terminal subscription permissions from get to list 2009465 - container-selinux should come from rhel8-appstream 2009514 - Bump OVS to 2.16-15 2009555 - Supermicro X11 system not booting from vMedia with AI 2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points 2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow 2009699 - Failure to validate flavor RAM 2009754 - Footer is not sticky anymore in import forms 2009785 - CRI-O's version file should be pinned by MCO 2009791 - Installer: ibmcloud ignores install-config values 2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13 2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo 2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2009873 - Stale Logical Router Policies and Annotations for a given node 2009879 - There should be test-suite coverage to ensure admin-acks work as expected 2009888 - SRO package name collision between official and community version 2010073 - uninstalling and then reinstalling sriov-network-operator is not working 2010174 - 2 PVs get 
created unexpectedly with different paths that actually refer to the same device on the node. 2010181 - Environment variables not getting reset on reload on deployment edit form 2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2010341 - OpenShift Alerting Rules Style-Guide Compliance 2010342 - Local console builds can have out of memory errors 2010345 - OpenShift Alerting Rules Style-Guide Compliance 2010348 - Reverts PIE build mode for K8S components 2010352 - OpenShift Alerting Rules Style-Guide Compliance 2010354 - OpenShift Alerting Rules Style-Guide Compliance 2010359 - OpenShift Alerting Rules Style-Guide Compliance 2010368 - OpenShift Alerting Rules Style-Guide Compliance 2010376 - OpenShift Alerting Rules Style-Guide Compliance 2010662 - Cluster is unhealthy after image-registry-operator tests 2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent) 2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API 2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address 2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing 2010864 - Failure building EFS operator 2010910 - ptp worker events unable to identify interface for multiple interfaces 2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24 2010921 - Azure Stack Hub does not handle additionalTrustBundle 2010931 - SRO CSV uses non default category "Drivers and plugins" 2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 
2011038 - optional operator conditions are confusing 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's 2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image 2011368 - Tooltip in pipeline visualization shows misleading data 2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels 2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards 2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster 2011513 - Kubelet rejects pods that use resources that should be freed by completed pods 2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine" 2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented 2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore 2011733 - Repository README points to broken documentation link 2011753 - Ironic resumes clean before raid configuration job is actually completed 2011809 - The nodes page in the openshift console doesn't work. 
You just get a blank page 2011822 - Obfuscation doesn't work at clusters with OVN 2011882 - SRO helm charts not synced with templates 2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot 2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages 2011903 - vsphere-problem-detector: session leak 2011927 - OLM should allow users to specify a proxy for GRPC connections 2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods 2011960 - [tracker] Storage operator is not available after reboot cluster instances 2011971 - ICNI2 pods are stuck in ContainerCreating state 2011972 - Ingress operator not creating wildcard route for hypershift clusters 2011977 - SRO bundle references non-existent image 2012069 - Refactoring Status controller 2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI 2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group 2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)" 2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig 2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off 2012407 - [e2e][automation] improve vm tab console tests 2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label 2012562 - migration condition is not detected in list view 2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written 2012780 - The port 50936 used by haproxy is occupied by kube-apiserver 2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working 2012902 - Neutron Ports assigned to Completed Pods are not reused Edit 2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing 
in OCP 4.8 monitoring stack 2012971 - Disable operands deletes 2013034 - Cannot install to openshift-nmstate namespace 2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine) 2013199 - post reboot of node SRIOV policy taking huge time 2013203 - UI breaks when trying to create block pool before storage cluster/system creation 2013222 - Full breakage for nightly payload promotion 2013273 - Nil pointer exception when phc2sys options are missing 2013321 - TuneD: high CPU utilization of the TuneD daemon. 2013416 - Multiple assets emit different content to the same filename 2013431 - Application selector dropdown has incorrect font-size and positioning 2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2013545 - Service binding created outside topology is not visible 2013599 - Scorecard support storage is not included in ocp4.9 2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide) 2013646 - fsync controller will show false positive if gaps in metrics are observed. 
2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default 2013751 - Service details page is showing wrong in-cluster hostname 2013787 - There are two titles 'Network Attachment Definition Details' on NAD details page 2013871 - Resource table headings are not aligned with their column data 2013895 - Cannot enable accelerated network via MachineSets on Azure 2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude" 2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG) 2013969 - oVirt CSI driver fails on creating PVCs on hosted engine storage domain 2013990 - Observe dashboard crashes on reload when perspective has changed (in another tab) 2013996 - Project detail page: Action "Delete Project" does nothing for the default project 2014071 - Payload imagestream new tags not properly updated during cluster upgrade 2014153 - SRIOV exclusive pooling 2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace 2014238 - AWS console test is failing on importing duplicate YAML definitions 2014245 - Several aria-labels, external links, and labels aren't internationalized 2014248 - Several files aren't internationalized 2014352 - Could not filter out machine by using node name on machines page 2014464 - Unexpected spacing/padding below navigation groups in developer perspective 2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages 2014486 - Integration Tests: OLM single namespace operator tests failing 2014488 - Custom operator cannot change orders of condition tables 2014497 - Regex slows down different forms and creates too much recursion errors in the log 2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id' 2014614 - Metrics 
scraping requests should be assigned to exempt priority level 2014710 - TestIngressStatus test is broken on Azure 2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly 2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile 2015115 - [RFE] PCI passthrough 2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter 2015154 - Support ports defined networks and primarySubnet 2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic 2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production 2015386 - Possibility to add labels to the built-in OCP alerts 2015395 - Table head on Affinity Rules modal is not fully expanded 2015416 - CI implementation for Topology plugin 2015418 - Project Filesystem query returns No datapoints found 2015420 - No vm resource in project view's inventory 2015422 - No conflict checking on snapshot name 2015472 - Form and YAML view switch button should have distinguishable status 2015481 - [4.10] sriov-network-operator daemon pods are failing to start 2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting 2015496 - Storage - PersistentVolumes : Claim colum value 'No Claim' in English 2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click 2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu 2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 
2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English 2015549 - Observe - Metrics: Column heading and pagination text is in English 2015557 - Workloads - DeploymentConfigs : Error message is in English 2015568 - Compute - Nodes : CPU column's values are in English 2015635 - Storage operator fails causing installation to fail on ASH 2015660 - "Finishing boot source customization" screen should not use term "patched" 2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node 2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin 2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning 2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud 2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch 2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail 2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed) 2016008 - [4.10] Bootimage bump tracker 2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver 2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator 2016054 - No e2e CI presubmit configured for release component cluster-autoscaler 2016055 - No e2e CI presubmit configured for release component console 2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8" 2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager 2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers 2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 
2016179 - Add Sprint 208 translations 2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager 2016235 - should update to 7.5.11 for grafana resources version label 2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails 2016334 - shiftstack: SRIOV nic reported as not supported 2016352 - Some pods start before CA resources are present 2016367 - Empty task box is getting created for a pipeline without finally task 2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts 2016438 - Feature flag gating is missing in few extensions contributed via knative plugin 2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc 2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets 2016453 - Complete i18n for GaugeChart defaults 2016479 - iface-id-ver is not getting updated for existing lsp 2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear 2016951 - dynamic actions list is not disabling "open console" for stopped vms 2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available 2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances 2017016 - [REF] Virtualization menu 2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn 2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly 2017130 - t is not a function error navigating to details page 2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue 2017244 - ovirt csi operator static files creation is in the wrong order 2017276 - [4.10] Volume mounts not created with the correct security context 2017327 - When run opm index prune failed with error removing operator 
package cic-operator FOREIGN KEY constraint failed. 2017427 - NTO does not restart TuneD daemon when profile application is taking too long 2017535 - Broken Argo CD link image on GitOps Details Page 2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references 2017564 - On-prem prepender dispatcher script overwrites DNS search settings 2017565 - CCMO does not handle additionalTrustBundle on Azure Stack 2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice 2017606 - [e2e][automation] add test to verify send key for VNC console 2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes 2017656 - VM IP address is "undefined" under VM details -> ssh field 2017663 - SSH password authentication is disabled when public key is not supplied 2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP 2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set 2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource 2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults 2017761 - [e2e][automation] dummy bug for 4.9 test dependency 2017872 - Add Sprint 209 translations 2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances 2017879 - Add Chinese translation for "alternate" 2017882 - multus: add handling of pod UIDs passed from runtime 2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods 2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI 2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS 2018094 - the tooltip length is limited 2018152 - CNI pod is not restarted when It cannot start servers due to ports being used 
2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time 2018234 - user settings are saved in local storage instead of on cluster 2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?) 2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports) 2018275 - Topology graph doesn't show context menu for Export CSV 2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked 2018380 - Migrate docs links to access.redhat.com 2018413 - Error: context deadline exceeded, OCP 4.8.9 2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked 2018445 - [e2e][automation] enhance tests for downstream 2018446 - [e2e][automation] move tests to different level 2018449 - [e2e][automation] add test about create/delete network attachment definition 2018490 - [4.10] Image provisioning fails with file name too long 2018495 - Fix typo in internationalization README 2018542 - Kernel upgrade does not reconcile DaemonSet 2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit 2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes 2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950 2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10 2018985 - The rootdisk size is 15Gi of windows VM in customize wizard 2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. 
2019096 - Update SRO leader election timeout to support SNO 2019129 - SRO in operator hub points to wrong repo for README 2019181 - Performance profile does not apply 2019198 - ptp offset metrics are not named according to the log output 2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest 2019284 - Stop action should not in the action list while VMI is not running 2019346 - zombie processes accumulation and Argument list too long 2019360 - [RFE] Virtualization Overview page 2019452 - Logger object in LSO appends to existing logger recursively 2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect 2019634 - Pause and migration is enabled in action list for a user who has view only permission 2019636 - Actions in VM tabs should be disabled when user has view only permission 2019639 - "Take snapshot" should be disabled while VM image is still been importing 2019645 - Create button is not removed on "Virtual Machines" page for view only user 2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user 2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user 2019717 - cant delete VM with un-owned pvc attached 2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass 2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always" 2019744 - [RFE] Suggest users to download newest RHEL 8 version 2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level 2019827 - Display issue with top-level menu items running demo plugin 2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded 2019886 - Kuryr unable to finish ports recovery upon controller restart 2019948 - [RFE] Restructring Virtualization links 
2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster 2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout 2019986 - Dynamic demo plugin fails to build 2019992 - instance:node_memory_utilisation:ratio metric is incorrect 2020001 - Update dockerfile for demo dynamic plugin to reflect dir change 2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation. 2020107 - cluster-version-operator: remove runlevel from CVO namespace 2020153 - Creation of Windows high performance VM fails 2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public 2020250 - Replacing deprecated ioutil 2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build 2020275 - ClusterOperators link in console returns blank page during upgrades 2020377 - permissions error while using tcpdump option with must-gather 2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined 2020498 - "Show PromQL" button is disabled 2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature 2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI 2020664 - DOWN subports are not cleaned up 2020904 - When trying to create a connection from the Developer view between VMs, it fails 2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana 2021017 - 404 page not found error on knative eventing page 2021031 - QE - Fix the topology CI scripts 2021048 - [RFE] Added MAC Spoof check 2021053 - Metallb operator presented as community operator 2021067 - Extensive number of requests from storage version operator in cluster 2021081 - Missing PolicyGenTemplate 
for configuring Local Storage Operator LocalVolumes 2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass 2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node 2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating 2021152 - imagePullPolicy is "Always" for ptp operator images 2021191 - Project admins should be able to list available network attachment defintions 2021205 - Invalid URL in git import form causes validation to not happen on URL change 2021322 - cluster-api-provider-azure should populate purchase plan information 2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind 2021364 - Installer requires invalid AWS permission s3:GetBucketReplication 2021400 - Bump documentationBaseURL to 4.10 2021405 - [e2e][automation] VM creation wizard Cloud Init editor 2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected 2021466 - [e2e][automation] Windows guest tool mount 2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver 2021551 - Build is not recognizing the USER group from an s2i image 2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character 2021629 - api request counts for current hour are incorrect 2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page 2021693 - Modals assigned modal-lg class are no longer the correct width 2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines 2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled 2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags 2022050 - [BM][IPI] Failed during bootstrap - unable to read 
client-key /var/lib/kubelet/pki/kubelet-client-current.pem 2022053 - dpdk application with vhost-net is not able to start 2022114 - Console logging every proxy request 2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent) 2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long 2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . 2022447 - ServiceAccount in manifests conflicts with OLM 2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. 2022509 - getOverrideForManifest does not check manifest.GVK.Group 2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard 2022627 - Machine object not picking up external FIP added to an openstack vm 2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:' 2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox 2022801 - Add Sprint 210 translations 2022811 - Fix kubelet log rotation file handle leak 2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations 2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2022880 - Pipeline renders with minor visual artifact with certain task dependencies 2022886 - Incorrect URL in operator description 2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config 2023060 - [e2e][automation] Windows VM with CDROM migration 2023077 - [e2e][automation] Home Overview Virtualization status 2023090 - [e2e][automation] Examples of Import URL for VM templates 2023102 - [e2e][automation] Cloudinit disk of VM from custom template 2023216 - ACL for a deleted egressfirewall still present on node 
join switch 2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9 2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy 2023342 - SCC admission should take ephemeralContainers into account 2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden) 2023434 - Update Azure Machine Spec API to accept Marketplace Images 2023500 - Latency experienced while waiting for volumes to attach to node 2023522 - can't remove package from index: database is locked 2023560 - "Network Attachment Definitions" has no project field on the top in the list view 2023592 - [e2e][automation] add mac spoof check for nad 2023604 - ACL violation when deleting a provisioning-configuration resource 2023607 - console returns blank page when normal user without any projects visit Installed Operators page 2023638 - Downgrade support level for extended control plane integration to Dev Preview 2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10 2023675 - Changing CNV Namespace 2023779 - Fix Patch 104847 in 4.9 2023781 - initial hardware devices is not loading in wizard 2023832 - CCO updates lastTransitionTime for non-Status changes 2023839 - Bump recommended FCOS to 34.20211031.3.0 2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly 2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository 2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8 2024055 - External DNS added extra prefix for the TXT record 2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully 2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json 2024199 - 400 Bad Request error for some queries for the non admin user 2024220 - Cluster monitoring checkbox flickers when 
installing Operator in all-namespace mode 2024262 - Sample catalog is not displayed when one API call to the backend fails 2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability 2024316 - modal about support displays wrong annotation 2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected 2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page 2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view 2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined 2024515 - test-blocker: Ceph-storage-plugin tests failing 2024535 - hotplug disk missing OwnerReference 2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image 2024547 - Detail page is breaking for namespace store , backing store and bucket class. 2024551 - KMS resources not getting created for IBM FlashSystem storage 2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel 2024613 - pod-identity-webhook starts without tls 2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded 2024665 - Bindable services are not shown on topology 2024731 - linuxptp container: unnecessary checking of interfaces 2024750 - i18n some remaining OLM items 2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured 2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack 2024841 - test Keycloak with latest tag 2024859 - Not able to deploy an existing image from private image registry using developer console 2024880 - Egress IP breaks when network policies are applied 2024900 - Operator upgrade kube-apiserver 2024932 - console throws "Unauthorized" error after logging out 2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up 2025093 - Installer does not honour diskformat 
specified in storage policy and defaults to zeroedthick 2025230 - ClusterAutoscalerUnschedulablePods should not be a warning 2025266 - CreateResource route has exact prop which need to be removed 2025301 - [e2e][automation] VM actions availability in different VM states 2025304 - overwrite storage section of the DV spec instead of the pvc section 2025431 - [RFE]Provide specific windows source link 2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36 2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node 2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local 2025481 - Update VM Snapshots UI 2025488 - [DOCS] Update the doc for nmstate operator installation 2025592 - ODC 4.9 supports invalid devfiles only 2025765 - It should not try to load from storageProfile after unchecking"Apply optimized StorageProfile settings" 2025767 - VMs orphaned during machineset scaleup 2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard 2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku. 
2025821 - Make "Network Attachment Definitions" available to regular user 2025823 - The console nav bar ignores plugin separator in existing sections 2025830 - CentOS capitalizaion is wrong 2025837 - Warn users that the RHEL URL expire 2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-* 2025903 - [UI] RoleBindings tab doesn't show correct rolebindings 2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2026178 - OpenShift Alerting Rules Style-Guide Compliance 2026209 - Updation of task is getting failed (tekton hub integration) 2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io" 2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates 2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct 2026352 - Kube-Scheduler revision-pruner fail during install of new cluster 2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment 2026383 - Error when rendering custom Grafana dashboard through ConfigMap 2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation 2026396 - Cachito Issues: sriov-network-operator Image build failure 2026488 - openshift-controller-manager - delete event is repeating pathologically 2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. 
2026560 - Cluster-version operator does not remove unrecognized volume mounts 2026699 - fixed a bug with missing metadata 2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator 2026898 - Description/details are missing for Local Storage Operator 2027132 - Use the specific icon for Fedora and CentOS template 2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend 2027272 - KubeMemoryOvercommit alert should be human readable 2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group 2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue) 2027299 - The status of checkbox component is not revealed correctly in code 2027311 - K8s watch hooks do not work when fetching core resources 2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation 2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images 2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation 2027498 - [IBMCloud] SG Name character length limitation 2027501 - [4.10] Bootimage bump tracker 2027524 - Delete Application doesn't delete Channels or Brokers 2027563 - e2e/add-flow-ci.feature fix accessibility violations 2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges 2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions 2027685 - openshift-cluster-csi-drivers pods crashing on PSI 2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced 2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string 2027917 - No settings in hostfirmwaresettings and schema objects for masters 2027927 - sandbox creation fails due to obsolete 
option in /etc/containers/storage.conf 2027982 - nncp stucked at ConfigurationProgressing 2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters 2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed 2028030 - Panic detected in cluster-image-registry-operator pod 2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found" 2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9 2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin 2028141 - Console tests doesn't pass on Node.js 15 and 16 2028160 - Remove i18nKey in network-policy-peer-selectors.tsx 2028162 - Add Sprint 210 translations 2028170 - Remove leading and trailing whitespace 2028174 - Add Sprint 210 part 2 translations 2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it 2028217 - Cluster-version operator does not default Deployment replicas to one 2028240 - Multiple CatalogSources causing higher CPU use than necessary 2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings 2028325 - disableDrain should be set automatically on SNO 2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel 2028531 - Missing netFilter to the list of parameters when platform is OpenStack 2028610 - Installer doesn't retry on GCP rate limiting 2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting 2028695 - destroy cluster does not prune bootstrap instance profile 2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs 2028802 - CRI-O panic due to invalid memory address or nil pointer dereference 2028816 - VLAN IDs not released on failures 2028881 - Override not working for the PerformanceProfile template 2028885 - Console 
should show an error context if it logs an error object 2028949 - Masthead dropdown item hover text color is incorrect 2028963 - Whereabouts should reconcile stranded IP addresses 2029034 - enabling ExternalCloudProvider leads to inoperative cluster 2029178 - Create VM with wizard - page is not displayed 2029181 - Missing CR from PGT 2029273 - wizard is not able to use if project field is "All Projects" 2029369 - Cypress tests github rate limit errors 2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out 2029394 - missing empty text for hardware devices at wizard review 2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used 2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl 2029521 - EFS CSI driver cannot delete volumes under load 2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle 2029579 - Clicking on an Application which has a Helm Release in it causes an error 2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE 2029645 - Sync upstream 1.15.0 downstream 2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing 2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip 2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage 2029785 - CVO panic when an edge is included in both edges and conditionaledges 2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp) 2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error 2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2030228 - Fix StorageSpec resources field to use correct API 2030229 - Mirroring status card reflect wrong data 2030240 - Hide overview page for non-privileged user 2030305 - Export App job do not completes 2030347 - 
kube-state-metrics exposes metrics about resource annotations 2030364 - Shared resource CSI driver monitoring is not setup correctly 2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets 2030534 - Node selector/tolerations rules are evaluated too early 2030539 - Prometheus is not highly available 2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing 2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation 2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates. 2030677 - BOND CNI: There is no option to configure MTU on a Bond interface 2030692 - NPE in PipelineJobListener.upsertWorkflowJob 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2030847 - PerformanceProfile API version should be v2 2030961 - Customizing the OAuth server URL does not apply to upgraded cluster 2031006 - Application name input field is not autofocused when user selects "Create application" 2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex 2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started 2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue 2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip 2031060 - Failing CSR Unit test due to expired test certificate 2031085 - ovs-vswitchd running more threads than expected 2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1 2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2031502 - [RFE] New common templates crash the ui 2031685 - Duplicated forward upstreams should be removed from the dns operator 2031699 - The displayed 
ipv6 address of a dns upstream should be case sensitive 2031797 - [RFE] Order and text of Boot source type input are wrong 2031826 - CI tests needed to confirm driver-toolkit image contents 2031831 - OCP Console - Global CSS overrides affecting dynamic plugins 2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional 2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled) 2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain) 2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself 2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource 2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64 2032141 - open the alertrule link in new tab, got empty page 2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy 2032296 - Cannot create machine with ephemeral disk on Azure 2032407 - UI will show the default openshift template wizard for HANA template 2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded 2032421 - [RFE] UI integration with automatic updated images 2032516 - Not able to import git repo with .devfile.yaml 2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource 2032547 - hardware devices table have filter when table is empty 2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool 2032566 - Cluster-ingress-router does not support Azure Stack 2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso 2032589 - DeploymentConfigs ignore 
resolve-names annotation 2032732 - Fix styling conflicts due to recent console-wide CSS changes 2032831 - Knative Services and Revisions are not shown when Service has no ownerReference 2032851 - Networking is "not available" in Virtualization Overview 2032926 - Machine API components should use K8s 1.23 dependencies 2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24 2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster 2033013 - Project dropdown in user preferences page is broken 2033044 - Unable to change import strategy if devfile is invalid 2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable 2033111 - IBM VPC operator library bump removed global CLI args 2033138 - "No model registered for Templates" shows on customize wizard 2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected 2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected 2033257 - unable to use configmap for helm charts 2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered 2033290 - Product builds for console are failing 2033382 - MAPO is missing machine annotations 2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations 2033403 - Devfile catalog does not show provider information 2033404 - Cloud event schema is missing source type and resource field is using wrong value 2033407 - Secure route data is not pre-filled in edit flow form 2033422 - CNO not allowing LGW conversion from SGW in runtime 2033434 - Offer darwin/arm64 oc in clidownloads 2033489 - CCM operator failing on baremetal platform 2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver 2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains 2033536 - [IPI on 
Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady 2033538 - Gather Cost Management Metrics Custom Resource 2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined 2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page 2033634 - list-style-type: disc is applied to the modal dropdowns 2033720 - Update samples in 4.10 2033728 - Bump OVS to 2.16.0-33 2033729 - remove runtime request timeout restriction for azure 2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended 2033749 - Azure Stack Terraform fails without Local Provider 2033750 - Local volume should pull multi-arch image for kube-rbac-proxy 2033751 - Bump kubernetes to 1.23 2033752 - make verify fails due to missing yaml-patch 2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource 2034004 - [e2e][automation] add tests for VM snapshot improvements 2034068 - [e2e][automation] Enhance tests for 4.10 downstream 2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore 2034097 - [OVN] After edit EgressIP object, the status is not correct 2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning 2034129 - blank page returned when clicking 'Get started' button 2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0 2034153 - CNO does not verify MTU migration for OpenShiftSDN 2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled 2034170 - Use function.knative.dev for Knative Functions related labels 2034190 - unable to add new VirtIO disks to VMs 2034192 - Prometheus fails to insert reporting metrics when the sample limit is met 2034243 - regular user cant load template list 2034245 - 
installing a cluster on aws, gcp always fails with "Error: Incompatible provider version" 2034248 - GPU/Host device modal is too small 2034257 - regular user <code>Create VM</code> missing permissions alert 2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere 2034300 - Du validator policy is NonCompliant after DU configuration completed 2034319 - Negation constraint is not validating packages 2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology 2034350 - The CNO should implement the Whereabouts IP reconciliation cron job 2034362 - update description of disk interface 2034398 - The Whereabouts IPPools CRD should include the podref field 2034409 - Default CatalogSources should be pointing to 4.10 index images 2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics 2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode 2034460 - Summary: cloud-network-config-controller does not account for different environment 2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true 2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly 2034493 - Change cluster version operator log level 2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list 2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6 2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer 2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART 2034537 - Update team 2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds 2034563 - [Azure] create machine with wrong 
ephemeralStorageLocation value success 2034577 - Current OVN gateway mode should be reflected on node annotation as well 2034621 - context menu not popping up for application group 2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10 2034624 - Warn about unsupported CSI driver in vsphere operator 2034647 - missing volumes list in snapshot modal 2034648 - Rebase openshift-controller-manager to 1.23 2034650 - Rebase openshift/builder to 1.23 2034705 - vSphere: storage e2e tests logging configuration data 2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. 2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment 2034785 - ptpconfig with summary_interval cannot be applied 2034823 - RHEL9 should be starred in template list 2034838 - An external router can inject routes if no service is added 2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent 2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty 2034881 - Cloud providers components should use K8s 1.23 dependencies 2034884 - ART cannot build the image because it tries to download controller-gen 2034889 - <code>oc adm prune deployments</code> does not work 2034898 - Regression in recently added Events feature 2034957 - update openshift-apiserver to kube 1.23.1 2035015 - ClusterLogForwarding CR remains stuck remediating forever 2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster 2035141 - [RFE] Show GPU/Host devices in template's details tab 2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC 2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting 2035199 - IPv6 support in mtu-migration-dispatcher.yaml 2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing 2035250 - Peering with ebgp peer over 
multi-hops doesn't work 2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices 2035315 - invalid test cases for AWS passthrough mode 2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env 2035321 - Add Sprint 211 translations 2035326 - [ExternalCloudProvider] installation with additional network on workers fails 2035328 - Ccoctl does not ignore credentials request manifest marked for deletion 2035333 - Kuryr orphans ports on 504 errors from Neutron 2035348 - Fix two grammar issues in kubevirt-plugin.json strings 2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets 2035409 - OLM E2E test depends on operator package that's no longer published 2035439 - SDN Automatic assignment EgressIP on GCP returned node IP address not egressIP address 2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1' 2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster 2035467 - UI: Queried metrics can't be ordered on Observe->Metrics page 2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers 2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class 2035602 - [e2e][automation] add tests for Virtualization Overview page cards 2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly 2035704 - RoleBindings list page filter doesn't apply 2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing. 
2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed 2035772 - AccessMode and VolumeMode is not reserved for customize wizard 2035847 - Two dashes in the Cronjob / Job pod name 2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml 2035882 - [BIOS setting values] Create events for all invalid settings in spec 2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests” 2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen 2035927 - Cannot enable HighNodeUtilization scheduler profile 2035933 - volume mode and access mode are empty in customize wizard review tab 2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods 2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation 2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error 2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential 2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend 2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes 2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23 2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23 2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments 2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists 2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected 2036826 - <code>oc adm prune deployments</code> can prune the RC/RS 2036827 - The ccoctl still accepts 
CredentialsRequests without ServiceAccounts on GCP platform 2036861 - kube-apiserver is degraded while enable multitenant 2036937 - Command line tools page shows wrong download ODO link 2036940 - oc registry login fails if the file is empty or stdout 2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container 2036989 - Route URL copy to clipboard button wraps to a separate line by itself 2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters 2036993 - Machine API components should use Go lang version 1.17 2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. 2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api 2037073 - Alertmanager container fails to start because of startup probe never being successful 2037075 - Builds do not support CSI volumes 2037167 - Some log level in ibm-vpc-block-csi-controller are hard code 2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles 2037182 - PingSource badge color is not matched with knativeEventing color 2037203 - "Running VMs" card is too small in Virtualization Overview 2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly 2037237 - Add "This is a CD-ROM boot source" to customize wizard 2037241 - default TTL for noobaa cache buckets should be 0 2037246 - Cannot customize auto-update boot source 2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately 2037288 - Remove stale image reference 2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources 2037483 - Rbacs for Pods within the CBO should be more restrictive 2037484 - Bump dependencies to k8s 1.23 2037554 - Mismatched wave number error message should include the wave numbers that are in conflict 2037622 - [4.10-Alibaba CSI driver][Restore size for 
volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform] 2037635 - impossible to configure custom certs for default console route in ingress config 2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8 2037638 - Builds do not support CSI volumes as volume sources 2037664 - text formatting issue in Installed Operators list table 2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037801 - Serverless installation is failing on CI jobs for e2e tests 2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format 2037856 - use lease for leader election 2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10 2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests 2037904 - upgrade operator deployment failed due to memory limit too low for manager container 2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation] 2038034 - non-privileged user cannot see auto-update boot source 2038053 - Bump dependencies to k8s 1.23 2038088 - Remove ipa-downloader references 2038160 - The <code>default</code> project missed the annotation : openshift.io/node-selector: "" 2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional 2038196 - must-gather is missing collecting some metal3 resources 2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777) 2038253 - Validator Policies are long lived 2038272 - Failures to build a PreprovisioningImage are not reported 2038384 - Azure Default Instance Types are Incorrect 2038389 - Failing test: [sig-arch] events 
should not repeat pathologically 2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket 2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips 2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained 2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect 2038663 - update kubevirt-plugin OWNERS 2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new" 2038705 - Update ptp reviewers 2038761 - Open Observe->Targets page, wait for a while, page become blank 2038768 - All the filters on the Observe->Targets page can't work 2038772 - Some monitors failed to display on Observe->Targets page 2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node 2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard 2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation 2038864 - E2E tests fail because multi-hop-net was not created 2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console 2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured 2038968 - Move feature gates from a carry patch to openshift/api 2039056 - Layout issue with breadcrumbs on API explorer page 2039057 - Kind column is not wide enough in API explorer page 2039064 - Bulk Import e2e test flaking at a high rate 2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled 2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters 2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was 
previously assigned got lost 2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy 2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator 2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade 2039227 - Improve image customization server parameter passing during installation 2039241 - Improve image customization server parameter passing during installation 2039244 - Helm Release revision history page crashes the UI 2039294 - SDN controller metrics cannot be consumed correctly by prometheus 2039311 - oc Does Not Describe Build CSI Volumes 2039315 - Helm release list page should only fetch secrets for deployed charts 2039321 - SDN controller metrics are not being consumed by prometheus 2039330 - Create NMState button doesn't work in OperatorHub web console 2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations 2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. 
2039359 - <code>oc adm prune deployments</code> can't prune the RS where the associated Deployment no longer exists 2039382 - gather_metallb_logs does not have execution permission 2039406 - logout from rest session after vsphere operator sync is finished 2039408 - Add GCP region northamerica-northeast2 to allowed regions 2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration 2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment 2039491 - oc - git:// protocol used in unit tests 2039516 - Bump OVN to ovn21.12-21.12.0-25 2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate 2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled 2039541 - Resolv-prepender script duplicating entries 2039586 - [e2e] update centos8 to centos stream8 2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty 2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3' 2039670 - Create PDBs for control plane components 2039678 - Page goes blank when create image pull secret 2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported 2039743 - React missing key warning when open operator hub detail page (and maybe others as well) 2039756 - React missing key warning when open KnativeServing details 2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab 2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard 2039781 - [GSS] OBC is not visible by admin of a Project on Console 2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector 2039868 - Insights Advisor widget is not in the disabled state when the 
Insights Operator is disabled 2039880 - Log level too low for control plane metrics 2039919 - Add E2E test for router compression feature 2039981 - ZTP for standard clusters installs stalld on master nodes 2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead 2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced 2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message 2040150 - Update ConfigMap keys for IBM HPCS 2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth 2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository 2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp 2040376 - "unknown instance type" error for supported m6i.xlarge instance 2040394 - Controller: enqueue the failed configmap till services update 2040467 - Cannot build ztp-site-generator container image 2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4 2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps 2040535 - Auto-update boot source is not available in customize wizard 2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name 2040603 - rhel worker scaleup playbook failed because missing some dependency of podman 2040616 - rolebindings page doesn't load for normal users 2040620 - [MAPO] Error pulling MAPO image on installation 2040653 - Topology sidebar warns that another component is updated while rendering 2040655 - User settings update fails when selecting application in topology sidebar 2040661 - Different react warnings about updating state on unmounted components when leaving topology 2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation 2040671 - 
[Feature:IPv6DualStack] most tests are failing in dualstack ipi 2040694 - Three upstream HTTPClientConfig struct fields missing in the operator 2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers 2040710 - cluster-baremetal-operator cannot update BMC subscription CR 2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms 2040782 - Import YAML page blocks input with more then one generateName attribute 2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute 2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator 2040793 - Fix snapshot e2e failures 2040880 - do not block upgrades if we can't connect to vcenter 2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10 2041093 - autounattend.xml missing 2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates 2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped" 2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23 2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller 2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener 2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud 2041466 - Kubedescheduler version is missing from the operator logs 2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses 2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods) 2041492 - Spacing between resources in inventory card is too small 2041509 - GCP Cloud provider components should use K8s 
1.23 dependencies 2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook 2041541 - audit: ManagedFields are dropped using API not annotation 2041546 - ovnkube: set election timer at RAFT cluster creation time 2041554 - use lease for leader election 2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected" 2041583 - etcd and api server cpu mask interferes with a guaranteed workload 2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure 2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation 2041620 - bundle CSV alm-examples does not parse 2041641 - Fix inotify leak and kubelet retaining memory 2041671 - Delete templates leads to 404 page 2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category 2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled 2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint 2041763 - The Observe > Alerting pages no longer have their default sort order applied 2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken 2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied 2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster 2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases 2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist 2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen 2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile 2041999 - [PROXY] external dns pod cannot recognize custom proxy CA 2042001 - unexpectedly 
found multiple load balancers 2042029 - kubedescheduler fails to install completely 2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters 2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs 2042059 - update discovery burst to reflect lots of CRDs on openshift clusters 2042069 - Revert toolbox to rhcos-toolbox 2042169 - Can not delete egressnetworkpolicy in Foreground propagation 2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud 2042274 - Storage API should be used when creating a PVC 2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection 2042366 - Lifecycle hooks should be independently managed 2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway 2042382 - [e2e][automation] CI takes more then 2 hours to run 2042395 - Add prerequisites for active health checks test 2042438 - Missing rpms in openstack-installer image 2042466 - Selection does not happen when switching from Topology Graph to List View 2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver 2042567 - insufficient info on CodeReady Containers configuration 2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk 2042619 - Overview page of the console is broken for hypershift clusters 2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running 2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud 2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud 2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly 2042829 - Topology performance: HPA was 
fetched for each Deployment (Pod Ring) 2042851 - Create template from SAP HANA template flow - VM is created instead of a new template 2042906 - Edit machineset with same machine deletion hook name succeed 2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal" 2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways' 2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2043043 - Cluster Autoscaler should use K8s 1.23 dependencies 2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props) 2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects". 2043117 - Recommended operators links are erroneously treated as external 2043130 - Update CSI sidecars to the latest release for 4.10 2043234 - Missing validation when creating several BGPPeers with the same peerAddress 2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler 2043254 - crio does not bind the security profiles directory 2043296 - Ignition fails when reusing existing statically-keyed LUKS volume 2043297 - [4.10] Bootimage bump tracker 2043316 - RHCOS VM fails to boot on Nutanix AOS 2043446 - Rebase aws-efs-utils to the latest upstream version. 2043556 - Add proper ci-operator configuration to ironic and ironic-agent images 2043577 - DPU network operator 2043651 - Fix bug with exp. 
backoff working correcly when setting nextCheck in vsphere operator 2043675 - Too many machines deleted by cluster autoscaler when scaling down 2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation 2043709 - Logging flags no longer being bound to command line 2043721 - Installer bootstrap hosts using outdated kubelet containing bugs 2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather 2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23 2043780 - Bump router to k8s.io/api 1.23 2043787 - Bump cluster-dns-operator to k8s.io/api 1.23 2043801 - Bump CoreDNS to k8s.io/api 1.23 2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown 2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected. 2044201 - Templates golden image parameters names should be supported 2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8] 2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied" 2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects 2044347 - Bump to kubernetes 1.23.3 2044481 - collect sharedresource cluster scoped instances with must-gather 2044496 - Unable to create hardware events subscription - failed to add finalizers 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2044680 - Additional libovsdb performance and resource consumption fixes 2044704 - Observe > Alerting pages should not show runbook links in 4.10 2044717 - [e2e] improve tests for upstream test environment 2044724 - Remove namespace column on VM list page when a project 
is selected 2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff 2044808 - machine-config-daemon-pull.service: use <code>cp</code> instead of <code>cat</code> when extracting MCD in OKD 2045024 - CustomNoUpgrade alerts should be ignored 2045112 - vsphere-problem-detector has missing rbac rules for leases 2045199 - SnapShot with Disk Hot-plug hangs 2045561 - Cluster Autoscaler should use the same default Group value as Cluster API 2045591 - Reconciliation of aws pod identity mutating webhook did not happen 2045849 - Add Sprint 212 translations 2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10 2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin 2045916 - [IBMCloud] Default machine profile in installer is unreliable 2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment 2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify 2046137 - oc output for unknown commands is not human readable 2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance 2046297 - Bump DB reconnect timeout 2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations 2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors 2046626 - Allow setting custom metrics for Ansible-based Operators 2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud 2047025 - Installation fails because of Alibaba CSI driver operator is degraded 2047190 - Bump Alibaba CSI driver for 4.10 2047238 - When using communities and localpreferences together, only localpreference gets applied 2047255 - alibaba: resourceGroupID not found 2047258 - [aws-usgov] fatal error occurred if AMI is not provided for 
AWS GovCloud regions 2047317 - Update HELM OWNERS files under Dev Console 2047455 - [IBM Cloud] Update custom image os type 2047496 - Add image digest feature 2047779 - do not degrade cluster if storagepolicy creation fails 2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047929 - use lease for leader election 2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2048048 - Application tab in User Preferences dropdown menus are too wide. 2048050 - Topology list view items are not highlighted on keyboard navigation 2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2048413 - Bond CNI: Failed to attach Bond NAD to pod 2048443 - Image registry operator panics when finalizes config deletion 2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-* 2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2048598 - Web terminal view is broken 2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2048891 - Topology page is crashed 2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2049043 - Cannot create VM from template 2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2049886 - Placeholder bug for OCP 4.10.0 metadata release 2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 2050189 - [aws-efs-csi-driver] Merge 
upstream changes since v1.3.2 2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members 2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2050370 - alert data for burn budget needs to be updated to prevent regression 2050393 - ZTP missing support for local image registry and custom machine config 2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2050737 - Remove metrics and events for master port offsets 2050801 - Vsphere upi tries to access vsphere during manifests generation phase 2050883 - Logger object in LSO does not log source location accurately 2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 2052062 - Whereabouts should implement client-go 1.22+ 2052125 - [4.10] Crio appears to be coredumping in some scenarios 2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 
2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052598 - kube-scheduler should use configmap lease 2052599 - kube-controller-manger should use configmap lease 2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics <code>vsphere_rwx_volumes_total</code> not valid 2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch 2052756 - [4.10] PVs are not being cleaned up after PVC deletion 2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2053268 - inability to detect static lifecycle failure 2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053323 - OpenShift-Ansible BYOH Unit Tests are Broken 2053339 - Remove dev preview badge from IBM FlashSystem deployment windows 2053751 - ztp-site-generate container is missing convenience entrypoint 2053945 - [4.10] Failed to apply sriov policy on intel nics 2054109 - Missing "app" label 2054154 - RoleBinding in project without subject is causing "Project access" page to fail 2054244 - Latest pipeline run should be listed on the top of the pipeline run list 2054288 - console-master-e2e-gcp-console is broken 2054562 - DPU network operator 4.10 branch need to sync with master 2054897 - Unable to deploy hw-event-proxy operator 2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2055358 - Summary Interval Hardcoded in 
PTP Operator if Set in the Global Body Instead of Command Line 2055371 - Remove Check which enforces summary_interval must match logSyncInterval 2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API 2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2056479 - ovirt-csi-driver-node pods are crashing intermittently 2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope" 2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes" 2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2056948 - post 1.23 rebase: regression in service-load balancer reliability 2057438 - Service Level Agreement (SLA) always show 'Unknown' 2057721 - Fix Proxy support in RHACM 2.4.2 2057724 - Image creation fails when NMstateConfig CR is empty 2058641 - [4.10] Pod density test causing problems when using kube-burner 2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 
https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 
https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 
https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. 
More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description:</p> <p>Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images</p> <p>Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. 
</p> <p>Bug fixes:</p> <ul> <li> <p>RHACM 2.1.6 images (BZ#1940581)</p> </li> <li> <p>When generating the import cluster string, it can include unescaped characters (BZ#1934184)</p> </li> <li> <p>Bugs fixed (https://bugzilla.redhat.com/):</p> </li> </ul> <p>1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64</p> <ol> <li>Description:</li> </ol> <p>This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution:</p> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. 
</p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss Core Services on RHEL 7 Server:</p> <p>Source: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm</p> <p>noarch: jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm</p> <p>ppc64: jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm</p> <p>x86_64: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm 
jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. 
It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. </p> <p>Security Fix(es):</p> <ul> <li>golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)</li> <li>golang: net: lookup functions may return invalid host names (CVE-2021-33195)</li> <li>golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)</li> <li>golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)</li> <li>golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)</li> <li>golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)</li> <li>golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)</li> </ul> <p>It was found that CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 were incorrectly listed as fixed in the RHSA for Serverless client kn 1.16.0. 
Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196</p> <p>5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202103-1463" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202103-1463"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202103-1463">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": 
"https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1463", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "storagegrid", "scope": "eq", "trust": 2.0, "vendor": "netapp", "version": null }, { "model": "capture client", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "3.6.24" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.33" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "18.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "14.16.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "15.0.0" }, { "model": "mysql enterprise 
monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "15.14.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.24.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0.2" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6" }, { "model": "nessus agent", "scope": "gte", "trust": 1.0, "vendor": "tenable", "version": "8.2.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.1k" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "7.0.1-r1456" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": null }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": 
"oracle", "version": "20.3.1.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "19.0" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.3.5" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "peoplesoft enterprise peopletools", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "secure backup", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.0.1.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "17.0" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise manager for storage management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.4" }, { "model": "email security", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.0.11" }, { "model": "peoplesoft enterprise peopletools", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.1h" }, { "model": "cloud volumes ontap mediator", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": 
"freebsd", "version": "12.2" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "nessus agent", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.2.3" }, { "model": "mysql connectors", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "sma100", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.1.0-17sv" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.22.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "nessus", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.13.1" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-3450" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.1k", "versionStartIncluding": "1.1.1h", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.3", "versionStartIncluding": "8.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.13.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", 
"cpe_name": [], "versionEndIncluding": "8.0.23", "versionStartIncluding": "8.0.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.7.33", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "18.1.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.59", "versionStartIncluding": "8.57", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": 
"OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2.1.0-17sv", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.0.1-r1456", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sonicwall:capture_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.6.24", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "15.14.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "14.16.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "12.22.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "10.24.1", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-3450" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": 
"162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" } ], "trust": 0.9 }, "cve": "CVE-2021-3450", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-388430", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": 
"VULMON", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-3450", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-3450", "trust": 1.0, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-388430", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-3450", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. 
This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. \nExploitation of these vulnerabilities could allow a malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. 
See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and 
loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that 
has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.10.3 security update\nAdvisory ID: RHSA-2022:0056-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0056\nIssue date: 2022-03-10\nCVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 \n CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 \n CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 \n CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 \n CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 \n CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 \n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 \n CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 \n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 \n CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 \n CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 \n CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 \n CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 \n CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 \n CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 \n CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 \n CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 \n CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 \n CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 \n CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 \n CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 \n CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 \n CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 \n CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 \n CVE-2021-33929 CVE-2021-33930 
CVE-2021-33938 \n CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 \n CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 \n CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 \n CVE-2022-24407 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory. 
\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data\nsources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. 
Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1808240 - Always return metrics value for pods under the user\u0027s namespace\n1815189 - feature flagged UI does not always become available after operator installation\n1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters\n1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly\n1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal\n1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered\n1878925 - \u0027oc adm upgrade --to ...\u0027 rejects versions which occur only in history, while the cluster-version operator supports history fallback\n1880738 - origin e2e test deletes original worker\n1882983 - oVirt csi driver should refuse to provision RWX and ROX PV\n1886450 - Keepalived router id check not documented for RHV/VMware IPI\n1889488 - The metrics endpoint for the Scheduler is not protected by RBAC\n1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom\n1896474 - Path based routing is broken for some combinations\n1897431 - CIDR support for additional network attachment with the bridge CNI plug-in\n1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes\n1907433 - Excessive logging in image 
operator\n1909906 - The router fails with PANIC error when stats port already in use\n1911173 - [MSTR-998] Many charts\u0027 legend names show {{}} instead of words\n1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. \n1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)\n1917893 - [ovirt] install fails: due to terraform error \"Cannot attach Virtual Disk: Disk is locked\" on vm resource\n1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1926522 - oc adm catalog does not clean temporary files\n1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. \n1928141 - kube-storage-version-migrator constantly reporting type \"Upgradeable\" status Unknown\n1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it\u0027s storageclass is not yet finished, confusing users\n1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x\n1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade\n1937085 - RHV UPI inventory playbook missing guarantee_memory\n1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion\n1938236 - vsphere-problem-detector does not support overriding log levels via storage CR\n1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods\n1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer\n1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]\n1942913 - ThanosSidecarUnhealthy isn\u0027t 
resilient to WAL replays. \n1943363 - [ovn] CNO should gracefully terminate ovn-northd\n1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17\n1948080 - authentication should not set Available=False APIServices_Error with 503s\n1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set\n1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0\n1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer\n1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs\n1953264 - \"remote error: tls: bad certificate\" logs in prometheus-operator container\n1955300 - Machine config operator reports unavailable for 23m during upgrade\n1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set\n1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set\n1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters\n1956496 - Needs SR-IOV Docs Upstream\n1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret\n1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid\n1956964 - upload a boot-source to OpenShift virtualization using the console\n1957547 - [RFE]VM name is not auto filled in dev console\n1958349 - ovn-controller doesn\u0027t release the memory after cluster-density run\n1959352 - [scale] failed to get pod annotation: timed out waiting for annotations\n1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not\n1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]\n1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects\n1961391 - String 
updates\n1961509 - DHCP daemon pod should have CPU and memory requests set but not limits\n1962066 - Edit machine/machineset specs not working\n1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent\n1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL\n1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1964327 - Support containers with name:tag@digest\n1964789 - Send keys and disconnect does not work for VNC console\n1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7\n1966445 - Unmasking a service doesn\u0027t work if it masked using MCO\n1966477 - Use GA version in KAS/OAS/OauthAS to avoid: \"audit.k8s.io/v1beta1\" is deprecated and will be removed in a future release, use \"audit.k8s.io/v1\" instead\n1966521 - kube-proxy\u0027s userspace implementation consumes excessive CPU\n1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up\n1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount\n1970218 - MCO writes incorrect file contents if compression field is specified\n1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]\n1970805 - Cannot create build when docker image url contains dir structure\n1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io\n1972827 - image registry does not remain available during upgrade\n1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`\n1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run\n1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not 
established\n1976301 - [ci] e2e-azure-upi is permafailing\n1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. \n1976674 - CCO didn\u0027t set Upgradeable to False when cco mode is configured to Manual on azure platform\n1976894 - Unidling a StatefulSet does not work as expected\n1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases\n1977414 - Build Config timed out waiting for condition 400: Bad Request\n1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus\n1978528 - systemd-coredump started and failed intermittently for unknown reasons\n1978581 - machine-config-operator: remove runlevel from mco namespace\n1979562 - Cluster operators: don\u0027t show messages when neither progressing, degraded or unavailable\n1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9\n1979966 - OCP builds always fail when run on RHEL7 nodes\n1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading\n1981549 - Machine-config daemon does not recover from broken Proxy configuration\n1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]\n1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues\n1982063 - \u0027Control Plane\u0027 is not translated in Simplified Chinese language in Home-\u003eOverview page\n1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands\n1982662 - Workloads - DaemonSets - Add storage: i18n misses\n1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE \"*/secrets/encryption-config\" on single node clusters\n1983758 - upgrades are failing on disruptive tests\n1983964 - Need Device plugin configuration for the NIC 
\"needVhostNet\" \u0026 \"isRdma\"\n1984592 - global pull secret not working in OCP4.7.4+ for additional private registries\n1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs\n1985486 - Cluster Proxy not used during installation on OSP with Kuryr\n1985724 - VM Details Page missing translations\n1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted\n1985933 - Downstream image registry recommendation\n1985965 - oVirt CSI driver does not report volume stats\n1986216 - [scale] SNO: Slow Pod recovery due to \"timed out waiting for OVS port binding\"\n1986237 - \"MachineNotYetDeleted\" in Pending state , alert not fired\n1986239 - crictl create fails with \"PID namespace requested, but sandbox infra container invalid\"\n1986302 - console continues to fetch prometheus alert and silences for normal user\n1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI\n1986338 - error creating list of resources in Import YAML\n1986502 - yaml multi file dnd duplicates previous dragged files\n1986819 - fix string typos for hot-plug disks\n1987044 - [OCPV48] Shutoff VM is being shown as \"Starting\" in WebUI when using spec.runStrategy Manual/RerunOnFailure\n1987136 - Declare operatorframework.io/arch.* labels for all operators\n1987257 - Go-http-client user-agent being used for oc adm mirror requests\n1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold\n1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP\n1988406 - SSH key dropped when selecting \"Customize virtual machine\" in UI\n1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade\n1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another 
master fails with \"Unable to connect to the server\"\n1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs\n1989438 - expected replicas is wrong\n1989502 - Developer Catalog is disappearing after short time\n1989843 - \u0027More\u0027 and \u0027Show Less\u0027 functions are not translated on several page\n1990014 - oc debug \u003cpod-name\u003e does not work for Windows pods\n1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created\n1990193 - \u0027more\u0027 and \u0027Show Less\u0027 is not being translated on Home -\u003e Search page\n1990255 - Partial or all of the Nodes/StorageClasses don\u0027t appear back on UI after text is removed from search bar\n1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI\n1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks\n1990556 - get-resources.sh doesn\u0027t honor the no_proxy settings even with no_proxy var\n1990625 - Ironic agent registers with SLAAC address with privacy-stable\n1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time\n1991067 - github.com can not be resolved inside pods where cluster is running on openstack. 
\n1991573 - Enable typescript strictNullCheck on network-policies files\n1991641 - Baremetal Cluster Operator still Available After Delete Provisioning\n1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator\n1991819 - Misspelled word \"ocurred\" in oc inspect cmd\n1991942 - Alignment and spacing fixes\n1992414 - Two rootdisks show on storage step if \u0027This is a CD-ROM boot source\u0027 is checked\n1992453 - The configMap failed to save on VM environment tab\n1992466 - The button \u0027Save\u0027 and \u0027Reload\u0027 are not translated on vm environment tab\n1992475 - The button \u0027Open console in New Window\u0027 and \u0027Disconnect\u0027 are not translated on vm console tab\n1992509 - Could not customize boot source due to source PVC not found\n1992541 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1992580 - storageProfile should stay with the same value by check/uncheck the apply button\n1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply\n1992777 - [IBMCLOUD] Default \"ibm_iam_authorization_policy\" is not working as expected in all scenarios\n1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)\n1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing\n1994094 - Some hardcodes are detected at the code level in OpenShift console components\n1994142 - Missing required cloud config fields for IBM Cloud\n1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools\n1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart\n1995335 - [SCALE] ovnkube CNI: remove ovs flows check\n1995493 - Add Secret to workload button and Actions button are not aligned on secret details 
page\n1995531 - Create RDO-based Ironic image to be promoted to OKD\n1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator\n1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs\n1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread\n1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole\n1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN\n1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down\n1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page\n1996647 - Provide more useful degraded message in auth operator on DNS errors\n1996736 - Large number of 501 lr-policies in INCI2 env\n1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes\n1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP\n1996928 - Enable default operator indexes on ARM\n1997028 - prometheus-operator update removes env var support for thanos-sidecar\n1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used\n1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. 
\n1997245 - \"Subscription already exists in openshift-storage namespace\" error message is seen while installing odf-operator via UI\n1997269 - Have to refresh console to install kube-descheduler\n1997478 - Storage operator is not available after reboot cluster instances\n1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n1997967 - storageClass is not reserved from default wizard to customize wizard\n1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order\n1998038 - [e2e][automation] add tests for UI for VM disk hot-plug\n1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus\n1998174 - Create storageclass gp3-csi after install ocp cluster on aws\n1998183 - \"r: Bad Gateway\" info is improper\n1998235 - Firefox warning: Cookie \u201ccsrf-token\u201d will be soon rejected\n1998377 - Filesystem table head is not full displayed in disk tab\n1998378 - Virtual Machine is \u0027Not available\u0027 in Home -\u003e Overview -\u003e Cluster inventory\n1998519 - Add fstype when create localvolumeset instance on web console\n1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses\n1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page\n1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable\n1999091 - Console update toast notification can appear multiple times\n1999133 - removing and recreating static pod manifest leaves pod in error state\n1999246 - .indexignore is not ingore when oc command load dc configuration\n1999250 - ArgoCD in GitOps operator can\u0027t manage namespaces\n1999255 - ovnkube-node always crashes out the first time it starts\n1999261 - ovnkube-node log spam (and security token leak?)\n1999309 - While installing odf-operator via UI, web console update pop-up navigates 
to OperatorHub -\u003e Operator Installation page\n1999314 - console-operator is slow to mark Degraded as False once console starts working\n1999425 - kube-apiserver with \"[SHOULD NOT HAPPEN] failed to update managedFields\" err=\"failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)\n1999556 - \"master\" pool should be updated before the CVO reports available at the new version occurred\n1999578 - AWS EFS CSI tests are constantly failing\n1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages\n1999619 - cloudinit is malformatted if a user sets a password during VM creation flow\n1999621 - Empty ssh_authorized_keys entry is added to VM\u0027s cloudinit if created from a customize flow\n1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined\n1999668 - openshift-install destroy cluster panic\u0027s when given invalid credentials to cloud provider (Azure Stack Hub)\n1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource\n1999771 - revert \"force cert rotation every couple days for development\" in 4.10\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. 
\n1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions\n1999903 - Click \"This is a CD-ROM boot source\" ticking \"Use template size PVC\" on pvc upload form\n1999983 - No way to clear upload error from template boot source\n2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter\n2000096 - Git URL is not re-validated on edit build-config form reload\n2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig\n2000236 - Confusing usage message from dynkeepalived CLI\n2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported\n2000430 - bump cluster-api-provider-ovirt version in installer\n2000450 - 4.10: Enable static PV multi-az test\n2000490 - All critical alerts shipped by CMO should have links to a runbook\n2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)\n2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster\n2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled\n2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console\n2000754 - IPerf2 tests should be lower\n2000846 - Structure logs in the entire codebase of Local Storage Operator\n2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24\n2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM\n2000938 - CVO does not respect changes to a Deployment strategy\n2000963 - \u0027Inline-volume (default fs)] volumes should store data\u0027 tests are failing on OKD with updated selinux-policy\n2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don\u0027t have snapshot and should be fullClone\n2001240 - Remove response headers for downloads of binaries from 
OpenShift WebConsole\n2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error\n2001337 - Details Card in ODF Dashboard mentions OCS\n2001339 - fix text content hotplug\n2001413 - [e2e][automation] add/delete nic and disk to template\n2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log\n2001442 - Empty termination.log file for the kube-apiserver has too permissive mode\n2001479 - IBM Cloud DNS unable to create/update records\n2001566 - Enable alerts for prometheus operator in UWM\n2001575 - Clicking on the perspective switcher shows a white page with loader\n2001577 - Quick search placeholder is not displayed properly when the search string is removed\n2001578 - [e2e][automation] add tests for vm dashboard tab\n2001605 - PVs remain in Released state for a long time after the claim is deleted\n2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options\n2001620 - Cluster becomes degraded if it can\u0027t talk to Manila\n2001760 - While creating \u0027Backing Store\u0027, \u0027Bucket Class\u0027, \u0027Namespace Store\u0027 user is navigated to \u0027Installed Operators\u0027 page after clicking on ODF\n2001761 - Unable to apply cluster operator storage for SNO on GCP platform. 
\n2001765 - Some error message in the log of diskmaker-manager caused confusion\n2001784 - show loading page before final results instead of showing a transient message No log files exist\n2001804 - Reload feature on Environment section in Build Config form does not work properly\n2001810 - cluster admin unable to view BuildConfigs in all namespaces\n2001817 - Failed to load RoleBindings list that will lead to \u2018Role name\u2019 is not able to be selected on Create RoleBinding page as well\n2001823 - OCM controller must update operator status\n2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start\n2001835 - Could not select image tag version when create app from dev console\n2001855 - Add capacity is disabled for ocs-storagecluster\n2001856 - Repeating event: MissingVersion no image found for operand pod\n2001959 - Side nav list borders don\u0027t extend to edges of container\n2002007 - Layout issue on \"Something went wrong\" page\n2002010 - ovn-kube may never attempt to retry a pod creation\n2002012 - Cannot change volume mode when cloning a VM from a template\n2002027 - Two instances of Dotnet helm chart show as one in topology\n2002075 - opm render does not automatically pulling in the image(s) used in the deployments\n2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster\n2002125 - Network policy details page heading should be updated to Network Policy details\n2002133 - [e2e][automation] add support/virtualization and improve deleteResource\n2002134 - [e2e][automation] add test to verify vm details tab\n2002215 - Multipath day1 not working on s390x\n2002238 - Image stream tag is not persisted when switching from yaml to form editor\n2002262 - [vSphere] Incorrect user agent in vCenter sessions list\n2002266 - SinkBinding create form doesn\u0027t allow to use subject name, instead of label selector\n2002276 - OLM fails to upgrade operators immediately\n2002300 - Altering the Schedule Profile configurations 
doesn\u0027t affect the placement of the pods\n2002354 - Missing DU configuration \"Done\" status reporting during ZTP flow\n2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn\u0027t use commonjs\n2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation\n2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN\n2002397 - Resources search is inconsistent\n2002434 - CRI-O leaks some children PIDs\n2002443 - Getting undefined error on create local volume set page\n2002461 - DNS operator performs spurious updates in response to API\u0027s defaulting of service\u0027s internalTrafficPolicy\n2002504 - When the openshift-cluster-storage-operator is degraded because of \"VSphereProblemDetectorController_SyncError\", the insights operator is not sending the logs from all pods. \n2002559 - User preference for topology list view does not follow when a new namespace is created\n2002567 - Upstream SR-IOV worker doc has broken links\n2002588 - Change text to be sentence case to align with PF\n2002657 - ovn-kube egress IP monitoring is using a random port over the node network\n2002713 - CNO: OVN logs should have millisecond resolution\n2002748 - [ICNI2] \u0027ErrorAddingLogicalPort\u0027 failed to handle external GW check: timeout waiting for namespace event\n2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite\n2002763 - Two storage systems getting created with external mode RHCS\n2002808 - KCM does not use web identity credentials\n2002834 - Cluster-version operator does not remove unrecognized volume mounts\n2002896 - Incorrect result return when user filter data by name on search page\n2002950 - Why spec.containers.command is not created with \"oc create deploymentconfig \u003cdc-name\u003e --image=\u003cimage\u003e -- \u003ccommand\u003e\"\n2003096 - [e2e][automation] check bootsource URL is displaying on review step\n2003113 - OpenShift Baremetal IPI 
installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role\n2003120 - CI: Uncaught error with ResizeObserver on operand details page\n2003145 - Duplicate operand tab titles causes \"two children with the same key\" warning\n2003164 - OLM, fatal error: concurrent map writes\n2003178 - [FLAKE][knative] The UI doesn\u0027t show updated traffic distribution after accepting the form\n2003193 - Kubelet/crio leaks netns and veth ports in the host\n2003195 - OVN CNI should ensure host veths are removed\n2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting \u0027-e JENKINS_PASSWORD=password\u0027 ENV which was working for old container images\n2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2003239 - \"[sig-builds][Feature:Builds][Slow] can use private repositories as build input\" tests fail outside of CI\n2003244 - Revert libovsdb client code\n2003251 - Patternfly components with list element has list item bullet when they should not. 
\n2003252 - \"[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig\" tests do not work as expected outside of CI\n2003269 - Rejected pods should be filtered from admission regression\n2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release\n2003426 - [e2e][automation] add test for vm details bootorder\n2003496 - [e2e][automation] add test for vm resources requirment settings\n2003641 - All metal ipi jobs are failing in 4.10\n2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state\n2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node\n2003683 - Samples operator is panicking in CI\n2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster \"Connection Details\" page\n2003715 - Error on creating local volume set after selection of the volume mode\n2003743 - Remove workaround keeping /boot RW for kdump support\n2003775 - etcd pod on CrashLoopBackOff after master replacement procedure\n2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver\n2003792 - Monitoring metrics query graph flyover panel is useless\n2003808 - Add Sprint 207 translations\n2003845 - Project admin cannot access image vulnerabilities view\n2003859 - sdn emits events with garbage messages\n2003896 - (release-4.10) ApiRequestCounts conditional gatherer\n2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas\n2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes\n2004059 - [e2e][automation] fix current tests for downstream\n2004060 - Trying to use basic spring boot sample causes crash on Firefox\n2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn\u0027t close after selection\n2004127 - [flake] openshift-controller-manager event 
reason/SuccessfulDelete occurs too frequently\n2004203 - build config\u0027s created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver\n2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory\n2004449 - Boot option recovery menu prevents image boot\n2004451 - The backup filename displayed in the RecentBackup message is incorrect\n2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts\n2004508 - TuneD issues with the recent ConfigParser changes. \n2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions\n2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs\n2004578 - Monitoring and node labels missing for an external storage platform\n2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days\n2004596 - [4.10] Bootimage bump tracker\n2004597 - Duplicate ramdisk log containers running\n2004600 - Duplicate ramdisk log containers running\n2004609 - output of \"crictl inspectp\" is not complete\n2004625 - BMC credentials could be logged if they change\n2004632 - When LE takes a large amount of time, multiple whereabouts are seen\n2004721 - ptp/worker custom threshold doesn\u0027t change ptp events threshold\n2004736 - [knative] Create button on new Broker form is inactive despite form being filled\n2004796 - [e2e][automation] add test for vm scheduling policy\n2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque\n2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card\n2004901 - [e2e][automation] improve kubevirt devconsole tests\n2004962 - Console frontend job consuming too much CPU in CI\n2005014 - state of ODF StorageSystem is misreported during installation or uninstallation\n2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines\n2005179 - pods status 
filter is not taking effect\n2005182 - sync list of deprecated apis about to be removed\n2005282 - Storage cluster name is given as title in StorageSystem details page\n2005355 - setuptools 58 makes Kuryr CI fail\n2005407 - ClusterNotUpgradeable Alert should be set to Severity Info\n2005415 - PTP operator with sidecar api configured throws bind: address already in use\n2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console\n2005554 - The switch status of the button \"Show default project\" is not revealed correctly in code\n2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable\n2005761 - QE - Implementing crw-basic feature file\n2005783 - Fix accessibility issues in the \"Internal\" and \"Internal - Attached Mode\" Installation Flow\n2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty\n2005854 - SSH NodePort service is created for each VM\n2005901 - KS, KCM and KA going Degraded during master nodes upgrade\n2005902 - Current UI flow for MCG only deployment is confusing and doesn\u0027t reciprocate any message to the end-user\n2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics\n2005971 - Change telemeter to report the Application Services product usage metrics\n2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files\n2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased\n2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types\n2006101 - Power off fails for drivers that don\u0027t support Soft power off\n2006243 - Metal IPI upgrade jobs are running out of disk space\n2006291 - 
bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn\u0027t use the 0th address\n2006308 - Backing Store YAML tab on click displays a blank screen on UI\n2006325 - Multicast is broken across nodes\n2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators\n2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource\n2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2006690 - OS boot failure \"x64 Exception Type 06 - Invalid Opcode Exception\"\n2006714 - add retry for etcd errors in kube-apiserver\n2006767 - KubePodCrashLooping may not fire\n2006803 - Set CoreDNS cache entries for forwarded zones\n2006861 - Add Sprint 207 part 2 translations\n2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap\n2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors\n2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded\n2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick\n2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails\n2007271 - CI Integration for Knative test cases\n2007289 - kubevirt tests are failing in CI\n2007322 - Devfile/Dockerfile import does not work for unsupported git host\n2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. 
\n2007379 - Events are not generated for master offset for ordinary clock\n2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace\n2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address\n2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error\n2007522 - No new local-storage-operator-metadata-container is build for 4.10\n2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10\n2007580 - Azure cilium installs are failing e2e tests\n2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10\n2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes\n2007692 - 4.9 \"old-rhcos\" jobs are permafailing with storage test failures\n2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow\n2007757 - must-gather extracts imagestreams in the \"openshift\" namespace, but not Templates\n2007802 - AWS machine actuator get stuck if machine is completely missing\n2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator\n2008119 - The serviceAccountIssuer field on Authentication CR is reseted to \u201c\u201d when installation process\n2008151 - Topology breaks on clicking in empty state\n2008185 - Console operator go.mod should use go 1.16.version\n2008201 - openstack-az job is failing on haproxy idle test\n2008207 - vsphere CSI driver doesn\u0027t set resource limits\n2008223 - gather_audit_logs: fix oc command line to get the current audit profile\n2008235 - The Save button in the Edit DC form remains disabled\n2008256 - Update Internationalization README with scope info\n2008321 - Add correct documentation link for MON_DISK_LOW\n2008462 - Disable PodSecurity feature gate for 4.10\n2008490 - Backing store details page does not contain all 
the kebab actions. \n2008521 - gcp-hostname service should correct invalid search entries in resolv.conf\n2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount\n2008539 - Registry doesn\u0027t fall back to secondary ImageContentSourcePolicy Mirror\n2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers\n2008599 - Azure Stack UPI does not have Internal Load Balancer\n2008612 - Plugin asset proxy does not pass through browser cache headers\n2008712 - VPA webhook timeout prevents all pods from starting\n2008733 - kube-scheduler: exposed /debug/pprof port\n2008911 - Prometheus repeatedly scaling prometheus-operator replica set\n2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2008987 - OpenShift SDN Hosted Egress IP\u0027s are not being scheduled to nodes after upgrade to 4.8.12\n2009055 - Instances of OCS to be replaced with ODF on UI\n2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs\n2009083 - opm blocks pruning of existing bundles during add\n2009111 - [IPI-on-GCP] \u0027Install a cluster with nested virtualization enabled\u0027 failed due to unable to launch compute instances\n2009131 - [e2e][automation] add more test about vmi\n2009148 - [e2e][automation] test vm nic presets and options\n2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator\n2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family\n2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted\n2009384 - UI changes to support BindableKinds CRD changes\n2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped\n2009424 - Deployment upgrade is failing availability check\n2009454 - Change web terminal subscription permissions from get to list\n2009465 - container-selinux 
should come from rhel8-appstream\n2009514 - Bump OVS to 2.16-15\n2009555 - Supermicro X11 system not booting from vMedia with AI\n2009623 - Console: Observe \u003e Metrics page: Table pagination menu shows bullet points\n2009664 - Git Import: Edit of knative service doesn\u0027t work as expected for git import flow\n2009699 - Failure to validate flavor RAM\n2009754 - Footer is not sticky anymore in import forms\n2009785 - CRI-O\u0027s version file should be pinned by MCO\n2009791 - Installer: ibmcloud ignores install-config values\n2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13\n2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo\n2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2009873 - Stale Logical Router Policies and Annotations for a given node\n2009879 - There should be test-suite coverage to ensure admin-acks work as expected\n2009888 - SRO package name collision between official and community version\n2010073 - uninstalling and then reinstalling sriov-network-operator is not working\n2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. 
\n2010181 - Environment variables not getting reset on reload on deployment edit form\n2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2010341 - OpenShift Alerting Rules Style-Guide Compliance\n2010342 - Local console builds can have out of memory errors\n2010345 - OpenShift Alerting Rules Style-Guide Compliance\n2010348 - Reverts PIE build mode for K8S components\n2010352 - OpenShift Alerting Rules Style-Guide Compliance\n2010354 - OpenShift Alerting Rules Style-Guide Compliance\n2010359 - OpenShift Alerting Rules Style-Guide Compliance\n2010368 - OpenShift Alerting Rules Style-Guide Compliance\n2010376 - OpenShift Alerting Rules Style-Guide Compliance\n2010662 - Cluster is unhealthy after image-registry-operator tests\n2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)\n2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API\n2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address\n2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing\n2010864 - Failure building EFS operator\n2010910 - ptp worker events unable to identify interface for multiple interfaces\n2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24\n2010921 - Azure Stack Hub does not handle additionalTrustBundle\n2010931 - SRO CSV uses non default category \"Drivers and plugins\"\n2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 
\n2011038 - optional operator conditions are confusing\n2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass\n2011171 - diskmaker-manager constantly redeployed by LSO when creating LV\u0027s\n2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image\n2011368 - Tooltip in pipeline visualization shows misleading data\n2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels\n2011411 - Managed Service\u0027s Cluster overview page contains link to missing Storage dashboards\n2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster\n2011513 - Kubelet rejects pods that use resources that should be freed by completed pods\n2011668 - Machine stuck in deleting phase in VMware \"reconciler failed to Delete machine\"\n2011693 - (release-4.10) \"insightsclient_request_recvreport_total\" metric is always incremented\n2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn\u0027t export namespace labels anymore\n2011733 - Repository README points to broken documentarion link\n2011753 - Ironic resumes clean before raid configuration job is actually completed\n2011809 - The nodes page in the openshift console doesn\u0027t work. 
You just get a blank page\n2011822 - Obfuscation doesn\u0027t work at clusters with OVN\n2011882 - SRO helm charts not synced with templates\n2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot\n2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages\n2011903 - vsphere-problem-detector: session leak\n2011927 - OLM should allow users to specify a proxy for GRPC connections\n2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods\n2011960 - [tracker] Storage operator is not available after reboot cluster instances\n2011971 - ICNI2 pods are stuck in ContainerCreating state\n2011972 - Ingress operator not creating wildcard route for hypershift clusters\n2011977 - SRO bundle references non-existent image\n2012069 - Refactoring Status controller\n2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI\n2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group\n2012233 - [IBMCLOUD] IPI: \"Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)\"\n2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig\n2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off\n2012407 - [e2e][automation] improve vm tab console tests\n2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don\u0027t have namespace label\n2012562 - migration condition is not detected in list view\n2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written\n2012780 - The port 50936 used by haproxy is occupied by kube-apiserver\n2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working\n2012902 - Neutron Ports assigned to Completed Pods are not reused Edit\n2012915 - kube_persistentvolumeclaim_labels and 
kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack\n2012971 - Disable operands deletes\n2013034 - Cannot install to openshift-nmstate namespace\n2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)\n2013199 - post reboot of node SRIOV policy taking huge time\n2013203 - UI breaks when trying to create block pool before storage cluster/system creation\n2013222 - Full breakage for nightly payload promotion\n2013273 - Nil pointer exception when phc2sys options are missing\n2013321 - TuneD: high CPU utilization of the TuneD daemon. \n2013416 - Multiple assets emit different content to the same filename\n2013431 - Application selector dropdown has incorrect font-size and positioning\n2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2013545 - Service binding created outside topology is not visible\n2013599 - Scorecard support storage is not included in ocp4.9\n2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)\n2013646 - fsync controller will show false positive if gaps in metrics are observed. 
\n2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default\n2013751 - Service details page is showing wrong in-cluster hostname\n2013787 - There are two tittle \u0027Network Attachment Definition Details\u0027 on NAD details page\n2013871 - Resource table headings are not aligned with their column data\n2013895 - Cannot enable accelerated network via MachineSets on Azure\n2013920 - \"--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude\"\n2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)\n2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain\n2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)\n2013996 - Project detail page: Action \"Delete Project\" does nothing for the default project\n2014071 - Payload imagestream new tags not properly updated during cluster upgrade\n2014153 - SRIOV exclusive pooling\n2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace\n2014238 - AWS console test is failing on importing duplicate YAML definitions\n2014245 - Several aria-labels, external links, and labels aren\u0027t internationalized\n2014248 - Several files aren\u0027t internationalized\n2014352 - Could not filter out machine by using node name on machines page\n2014464 - Unexpected spacing/padding below navigation groups in developer perspective\n2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages\n2014486 - Integration Tests: OLM single namespace operator tests failing\n2014488 - Custom operator cannot change orders of condition tables\n2014497 - Regex slows down different forms and creates too much recursion errors in the log\n2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 
\u0027NoneType\u0027 object has no attribute \u0027id\u0027\n2014614 - Metrics scraping requests should be assigned to exempt priority level\n2014710 - TestIngressStatus test is broken on Azure\n2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly\n2014995 - oc adm must-gather cannot gather audit logs with \u0027None\u0027 audit profile\n2015115 - [RFE] PCI passthrough\n2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl \u0027--resource-group-name\u0027 parameter\n2015154 - Support ports defined networks and primarySubnet\n2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic\n2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production\n2015386 - Possibility to add labels to the built-in OCP alerts\n2015395 - Table head on Affinity Rules modal is not fully expanded\n2015416 - CI implementation for Topology plugin\n2015418 - Project Filesystem query returns No datapoints found\n2015420 - No vm resource in project view\u0027s inventory\n2015422 - No conflict checking on snapshot name\n2015472 - Form and YAML view switch button should have distinguishable status\n2015481 - [4.10] sriov-network-operator daemon pods are failing to start\n2015493 - Cloud Controller Manager Operator does not respect \u0027additionalTrustBundle\u0027 setting\n2015496 - Storage - PersistentVolumes : Claim colum value \u0027No Claim\u0027 in English\n2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on \u0027Add Capacity\u0027 button click\n2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu\n2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 
\n2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart \u0027x% used\u0027 is in English\n2015549 - Observe - Metrics: Column heading and pagination text is in English\n2015557 - Workloads - DeploymentConfigs : Error message is in English\n2015568 - Compute - Nodes : CPU column\u0027s values are in English\n2015635 - Storage operator fails causing installation to fail on ASH\n2015660 - \"Finishing boot source customization\" screen should not use term \"patched\"\n2015793 - [hypershift] The collect-profiles job\u0027s pods should run on the control-plane node\n2015806 - Metrics view in Deployment reports \"Forbidden\" when not cluster-admin\n2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning\n2015837 - OS_CLOUD overwrites install-config\u0027s platform.openstack.cloud\n2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch\n2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail\n2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)\n2016008 - [4.10] Bootimage bump tracker\n2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver\n2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator\n2016054 - No e2e CI presubmit configured for release component cluster-autoscaler\n2016055 - No e2e CI presubmit configured for release component console\n2016058 - openshift-sync does not synchronise in \"ose-jenkins:v4.8\"\n2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager\n2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers\n2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 
\n2016179 - Add Sprint 208 translations\n2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager\n2016235 - should update to 7.5.11 for grafana resources version label\n2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails\n2016334 - shiftstack: SRIOV nic reported as not supported\n2016352 - Some pods start before CA resources are present\n2016367 - Empty task box is getting created for a pipeline without finally task\n2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts\n2016438 - Feature flag gating is missing in few extensions contributed via knative plugin\n2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc\n2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets\n2016453 - Complete i18n for GaugeChart defaults\n2016479 - iface-id-ver is not getting updated for existing lsp\n2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear\n2016951 - dynamic actions list is not disabling \"open console\" for stopped vms\n2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available\n2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances\n2017016 - [REF] Virtualization menu\n2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn\n2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly\n2017130 - t is not a function error navigating to details page\n2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue\n2017244 - ovirt csi operator static files creation is in the wrong order\n2017276 - [4.10] Volume mounts not created with the correct security context\n2017327 - When run opm index prune failed with 
error removing operator package cic-operator FOREIGN KEY constraint failed. \n2017427 - NTO does not restart TuneD daemon when profile application is taking too long\n2017535 - Broken Argo CD link image on GitOps Details Page\n2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references\n2017564 - On-prem prepender dispatcher script overwrites DNS search settings\n2017565 - CCMO does not handle additionalTrustBundle on Azure Stack\n2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice\n2017606 - [e2e][automation] add test to verify send key for VNC console\n2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes\n2017656 - VM IP address is \"undefined\" under VM details -\u003e ssh field\n2017663 - SSH password authentication is disabled when public key is not supplied\n2017680 - [gcp] Couldn\u2019t enable support for instances with GPUs on GCP\n2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set\n2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource\n2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults\n2017761 - [e2e][automation] dummy bug for 4.9 test dependency\n2017872 - Add Sprint 209 translations\n2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances\n2017879 - Add Chinese translation for \"alternate\"\n2017882 - multus: add handling of pod UIDs passed from runtime\n2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods\n2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI\n2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS\n2018094 - the tooltip length is limited\n2018152 - CNI pod is not 
restarted when It cannot start servers due to ports being used\n2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time\n2018234 - user settings are saved in local storage instead of on cluster\n2018264 - Delete Export button doesn\u0027t work in topology sidebar (general issue with unknown CSV?)\n2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)\n2018275 - Topology graph doesn\u0027t show context menu for Export CSV\n2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked\n2018380 - Migrate docs links to access.redhat.com\n2018413 - Error: context deadline exceeded, OCP 4.8.9\n2018428 - PVC is deleted along with VM even with \"Delete Disks\" unchecked\n2018445 - [e2e][automation] enhance tests for downstream\n2018446 - [e2e][automation] move tests to different level\n2018449 - [e2e][automation] add test about create/delete network attachment definition\n2018490 - [4.10] Image provisioning fails with file name too long\n2018495 - Fix typo in internationalization README\n2018542 - Kernel upgrade does not reconcile DaemonSet\n2018880 - Get \u0027No datapoints found.\u0027 when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit\n2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes\n2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950\n2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10\n2018985 - The rootdisk size is 15Gi of windows VM in customize wizard\n2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. 
\n2019096 - Update SRO leader election timeout to support SNO\n2019129 - SRO in operator hub points to wrong repo for README\n2019181 - Performance profile does not apply\n2019198 - ptp offset metrics are not named according to the log output\n2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest\n2019284 - Stop action should not in the action list while VMI is not running\n2019346 - zombie processes accumulation and Argument list too long\n2019360 - [RFE] Virtualization Overview page\n2019452 - Logger object in LSO appends to existing logger recursively\n2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect\n2019634 - Pause and migration is enabled in action list for a user who has view only permission\n2019636 - Actions in VM tabs should be disabled when user has view only permission\n2019639 - \"Take snapshot\" should be disabled while VM image is still been importing\n2019645 - Create button is not removed on \"Virtual Machines\" page for view only user\n2019646 - Permission error should pop-up immediately while clicking \"Create VM\" button on template page for view only user\n2019647 - \"Remove favorite\" and \"Create new Template\" should be disabled in template action list for view only user\n2019717 - cant delete VM with un-owned pvc attached\n2019722 - The shared-resource-csi-driver-node pod runs as \u201cBestEffort\u201d qosClass\n2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as \"Always\"\n2019744 - [RFE] Suggest users to download newest RHEL 8 version\n2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level\n2019827 - Display issue with top-level menu items running demo plugin\n2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded\n2019886 - Kuryr unable to finish ports recovery upon controller 
restart\n2019948 - [RFE] Restructring Virtualization links\n2019972 - The Nodes section doesn\u0027t display the csr of the nodes that are trying to join the cluster\n2019977 - Installer doesn\u0027t validate region causing binary to hang with a 60 minute timeout\n2019986 - Dynamic demo plugin fails to build\n2019992 - instance:node_memory_utilisation:ratio metric is incorrect\n2020001 - Update dockerfile for demo dynamic plugin to reflect dir change\n2020003 - MCD does not regard \"dangling\" symlinks as a files, attempts to write through them on next backup, resulting in \"not writing through dangling symlink\" error and degradation. \n2020107 - cluster-version-operator: remove runlevel from CVO namespace\n2020153 - Creation of Windows high performance VM fails\n2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn\u0027t be public\n2020250 - Replacing deprecated ioutil\n2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build\n2020275 - ClusterOperators link in console returns blank page during upgrades\n2020377 - permissions error while using tcpdump option with must-gather\n2020489 - coredns_dns metrics don\u0027t include the custom zone metrics data due to CoreDNS prometheus plugin is not defined\n2020498 - \"Show PromQL\" button is disabled\n2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature\n2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI\n2020664 - DOWN subports are not cleaned up\n2020904 - When trying to create a connection from the Developer view between VMs, it fails\n2021016 - \u0027Prometheus Stats\u0027 of dashboard \u0027Prometheus Overview\u0027 miss data on console compared with Grafana\n2021017 - 404 page not found error on knative eventing page\n2021031 - QE - Fix the topology CI scripts\n2021048 - [RFE] Added MAC Spoof check\n2021053 - Metallb operator presented as 
community operator\n2021067 - Extensive number of requests from storage version operator in cluster\n2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes\n2021135 - [azure-file-csi-driver] \"make unit-test\" returns non-zero code, but tests pass\n2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node\n2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating\n2021152 - imagePullPolicy is \"Always\" for ptp operator images\n2021191 - Project admins should be able to list available network attachment defintions\n2021205 - Invalid URL in git import form causes validation to not happen on URL change\n2021322 - cluster-api-provider-azure should populate purchase plan information\n2021337 - Dynamic Plugins: ResourceLink doesn\u0027t render when passed a groupVersionKind\n2021364 - Installer requires invalid AWS permission s3:GetBucketReplication\n2021400 - Bump documentationBaseURL to 4.10\n2021405 - [e2e][automation] VM creation wizard Cloud Init editor\n2021433 - \"[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified\" test fail permanently on disconnected\n2021466 - [e2e][automation] Windows guest tool mount\n2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver\n2021551 - Build is not recognizing the USER group from an s2i image\n2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character\n2021629 - api request counts for current hour are incorrect\n2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page\n2021693 - Modals assigned modal-lg class are no longer the correct width\n2021724 - Observe \u003e Dashboards: Graph lines are not visible when obscured by other lines\n2021731 - CCO occasionally down, reporting 
networksecurity.googleapis.com API as disabled\n2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags\n2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem\n2022053 - dpdk application with vhost-net is not able to start\n2022114 - Console logging every proxy request\n2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent)\n2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long\n2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . \n2022447 - ServiceAccount in manifests conflicts with OLM\n2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. \n2022509 - getOverrideForManifest does not check manifest.GVK.Group\n2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache\n2022612 - no namespace field for \"Kubernetes / Compute Resources / Namespace (Pods)\" admin console dashboard\n2022627 - Machine object not picking up external FIP added to an openstack vm\n2022646 - configure-ovs.sh failure - Error: unknown connection \u0027WARN:\u0027\n2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox\n2022801 - Add Sprint 210 translations\n2022811 - Fix kubelet log rotation file handle leak\n2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations\n2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2022880 - Pipeline renders with minor visual artifact with certain task dependencies\n2022886 - Incorrect URL in operator description\n2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config\n2023060 - [e2e][automation] Windows VM with CDROM migration\n2023077 - [e2e][automation] Home 
Overview Virtualization status\n2023090 - [e2e][automation] Examples of Import URL for VM templates\n2023102 - [e2e][automation] Cloudinit disk of VM from custom template\n2023216 - ACL for a deleted egressfirewall still present on node join switch\n2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9\n2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy\n2023342 - SCC admission should take ephemeralContainers into account\n2023356 - Devfiles can\u0027t be loaded in Safari on macOS (403 - Forbidden)\n2023434 - Update Azure Machine Spec API to accept Marketplace Images\n2023500 - Latency experienced while waiting for volumes to attach to node\n2023522 - can\u0027t remove package from index: database is locked\n2023560 - \"Network Attachment Definitions\" has no project field on the top in the list view\n2023592 - [e2e][automation] add mac spoof check for nad\n2023604 - ACL violation when deleting a provisioning-configuration resource\n2023607 - console returns blank page when normal user without any projects visit Installed Operators page\n2023638 - Downgrade support level for extended control plane integration to Dev Preview\n2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10\n2023675 - Changing CNV Namespace\n2023779 - Fix Patch 104847 in 4.9\n2023781 - initial hardware devices is not loading in wizard\n2023832 - CCO updates lastTransitionTime for non-Status changes\n2023839 - Bump recommended FCOS to 34.20211031.3.0\n2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly\n2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from \"registry:5000\" repository\n2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8\n2024055 - External DNS added extra prefix for the TXT record\n2024108 - Occasionally node remains in 
SchedulingDisabled state even after update has been completed sucessfully\n2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json\n2024199 - 400 Bad Request error for some queries for the non admin user\n2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode\n2024262 - Sample catalog is not displayed when one API call to the backend fails\n2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability\n2024316 - modal about support displays wrong annotation\n2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected\n2024399 - Extra space is in the translated text of \"Add/Remove alternate service\" on Create Route page\n2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view\n2024493 - Observe \u003e Alerting \u003e Alerting rules page throws error trying to destructure undefined\n2024515 - test-blocker: Ceph-storage-plugin tests failing\n2024535 - hotplug disk missing OwnerReference\n2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image\n2024547 - Detail page is breaking for namespace store , backing store and bucket class. 
\n2024551 - KMS resources not getting created for IBM FlashSystem storage\n2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel\n2024613 - pod-identity-webhook starts without tls\n2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded\n2024665 - Bindable services are not shown on topology\n2024731 - linuxptp container: unnecessary checking of interfaces\n2024750 - i18n some remaining OLM items\n2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured\n2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack\n2024841 - test Keycloak with latest tag\n2024859 - Not able to deploy an existing image from private image registry using developer console\n2024880 - Egress IP breaks when network policies are applied\n2024900 - Operator upgrade kube-apiserver\n2024932 - console throws \"Unauthorized\" error after logging out\n2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up\n2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick\n2025230 - ClusterAutoscalerUnschedulablePods should not be a warning\n2025266 - CreateResource route has exact prop which need to be removed\n2025301 - [e2e][automation] VM actions availability in different VM states\n2025304 - overwrite storage section of the DV spec instead of the pvc section\n2025431 - [RFE]Provide specific windows source link\n2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36\n2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node\n2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn\u0027t work for ExternalTrafficPolicy=local\n2025481 - Update VM Snapshots UI\n2025488 - [DOCS] Update the doc for nmstate operator installation\n2025592 - ODC 4.9 supports invalid devfiles 
only\n2025765 - It should not try to load from storageProfile after unchecking\"Apply optimized StorageProfile settings\"\n2025767 - VMs orphaned during machineset scaleup\n2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns \"kubevirt-hyperconverged\" while using customize wizard\n2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size\u2019s vCPUsAvailable instead of vCPUs for the sku. \n2025821 - Make \"Network Attachment Definitions\" available to regular user\n2025823 - The console nav bar ignores plugin separator in existing sections\n2025830 - CentOS capitalizaion is wrong\n2025837 - Warn users that the RHEL URL expire\n2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*\n2025903 - [UI] RoleBindings tab doesn\u0027t show correct rolebindings\n2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2026178 - OpenShift Alerting Rules Style-Guide Compliance\n2026209 - Updation of task is getting failed (tekton hub integration)\n2026223 - Internal error occurred: failed calling webhook \"ptpconfigvalidationwebhook.openshift.io\"\n2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates\n2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct\n2026352 - Kube-Scheduler revision-pruner fail during install of new cluster\n2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment\n2026383 - Error when rendering custom Grafana dashboard through ConfigMap\n2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation\n2026396 - Cachito Issues: sriov-network-operator Image build failure\n2026488 - openshift-controller-manager - delete event is repeating pathologically\n2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity 
of alerts defined. \n2026560 - Cluster-version operator does not remove unrecognized volume mounts\n2026699 - fixed a bug with missing metadata\n2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator\n2026898 - Description/details are missing for Local Storage Operator\n2027132 - Use the specific icon for Fedora and CentOS template\n2027238 - \"Node Exporter / USE Method / Cluster\" CPU utilization graph shows incorrect legend\n2027272 - KubeMemoryOvercommit alert should be human readable\n2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group\n2027288 - Devfile samples can\u0027t be loaded after fixing it on Safari (redirect caching issue)\n2027299 - The status of checkbox component is not revealed correctly in code\n2027311 - K8s watch hooks do not work when fetching core resources\n2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation\n2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don\u0027t use the downstream images\n2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation\n2027498 - [IBMCloud] SG Name character length limitation\n2027501 - [4.10] Bootimage bump tracker\n2027524 - Delete Application doesn\u0027t delete Channels or Brokers\n2027563 - e2e/add-flow-ci.feature fix accessibility violations\n2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges\n2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions\n2027685 - openshift-cluster-csi-drivers pods crashing on PSI\n2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced\n2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string\n2027917 - No settings in hostfirmwaresettings and schema objects 
for masters\n2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf\n2027982 - nncp stucked at ConfigurationProgressing\n2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters\n2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed\n2028030 - Panic detected in cluster-image-registry-operator pod\n2028042 - Desktop viewer for Windows VM shows \"no Service for the RDP (Remote Desktop Protocol) can be found\"\n2028054 - Cloud controller manager operator can\u0027t get leader lease when upgrading from 4.8 up to 4.9\n2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin\n2028141 - Console tests doesn\u0027t pass on Node.js 15 and 16\n2028160 - Remove i18nKey in network-policy-peer-selectors.tsx\n2028162 - Add Sprint 210 translations\n2028170 - Remove leading and trailing whitespace\n2028174 - Add Sprint 210 part 2 translations\n2028187 - Console build doesn\u0027t pass on Node.js 16 because node-sass doesn\u0027t support it\n2028217 - Cluster-version operator does not default Deployment replicas to one\n2028240 - Multiple CatalogSources causing higher CPU use than necessary\n2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn\u0027t be set in HostFirmwareSettings\n2028325 - disableDrain should be set automatically on SNO\n2028484 - AWS EBS CSI driver\u0027s livenessprobe does not respect operator\u0027s loglevel\n2028531 - Missing netFilter to the list of parameters when platform is OpenStack\n2028610 - Installer doesn\u0027t retry on GCP rate limiting\n2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting\n2028695 - destroy cluster does not prune bootstrap instance profile\n2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs\n2028802 - CRI-O panic due to invalid memory address or nil pointer 
dereference\n2028816 - VLAN IDs not released on failures\n2028881 - Override not working for the PerformanceProfile template\n2028885 - Console should show an error context if it logs an error object\n2028949 - Masthead dropdown item hover text color is incorrect\n2028963 - Whereabouts should reconcile stranded IP addresses\n2029034 - enabling ExternalCloudProvider leads to inoperative cluster\n2029178 - Create VM with wizard - page is not displayed\n2029181 - Missing CR from PGT\n2029273 - wizard is not able to use if project field is \"All Projects\"\n2029369 - Cypress tests github rate limit errors\n2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out\n2029394 - missing empty text for hardware devices at wizard review\n2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used\n2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl\n2029521 - EFS CSI driver cannot delete volumes under load\n2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle\n2029579 - Clicking on an Application which has a Helm Release in it causes an error\n2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn\u0027t for HPE\n2029645 - Sync upstream 1.15.0 downstream\n2029671 - VM action \"pause\" and \"clone\" should be disabled while VM disk is still being importing\n2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip\n2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage\n2029785 - CVO panic when an edge is included in both edges and conditionaledges\n2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)\n2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error\n2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2030228 - Fix StorageSpec resources 
field to use correct API\n2030229 - Mirroring status card reflect wrong data\n2030240 - Hide overview page for non-privileged user\n2030305 - Export App job do not completes\n2030347 - kube-state-metrics exposes metrics about resource annotations\n2030364 - Shared resource CSI driver monitoring is not setup correctly\n2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets\n2030534 - Node selector/tolerations rules are evaluated too early\n2030539 - Prometheus is not highly available\n2030556 - Don\u0027t display Description or Message fields for alerting rules if those annotations are missing\n2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation\n2030574 - console service uses older \"service.alpha.openshift.io\" for the service serving certificates. \n2030677 - BOND CNI: There is no option to configure MTU on a Bond interface\n2030692 - NPE in PipelineJobListener.upsertWorkflowJob\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2030847 - PerformanceProfile API version should be v2\n2030961 - Customizing the OAuth server URL does not apply to upgraded cluster\n2031006 - Application name input field is not autofocused when user selects \"Create application\"\n2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex\n2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn\u0027t be started\n2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue\n2031057 - Topology sidebar for Knative services shows a small pod ring with \"0 undefined\" as tooltip\n2031060 - Failing CSR Unit test due to expired test certificate\n2031085 - ovs-vswitchd running more threads than expected\n2031141 - Some pods not able to reach k8s api svc IP 
198.223.0.1\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2031502 - [RFE] New common templates crash the ui\n2031685 - Duplicated forward upstreams should be removed from the dns operator\n2031699 - The displayed ipv6 address of a dns upstream should be case sensitive\n2031797 - [RFE] Order and text of Boot source type input are wrong\n2031826 - CI tests needed to confirm driver-toolkit image contents\n2031831 - OCP Console - Global CSS overrides affecting dynamic plugins\n2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional\n2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)\n2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)\n2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself\n2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource\n2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64\n2032141 - open the alertrule link in new tab, got empty page\n2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy\n2032296 - Cannot create machine with ephemeral disk on Azure\n2032407 - UI will show the default openshift template wizard for HANA template\n2032415 - Templates page - remove \"support level\" badge and add \"support level\" column which should not be hard coded\n2032421 - [RFE] UI integration with automatic updated images\n2032516 - Not able to import git repo with .devfile.yaml\n2032521 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the aws_vpc_dhcp_options_association resource\n2032547 - hardware devices table have filter when table is empty\n2032565 - Deploying compressed 
files with a MachineConfig resource degrades the MachineConfigPool\n2032566 - Cluster-ingress-router does not support Azure Stack\n2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso\n2032589 - DeploymentConfigs ignore resolve-names annotation\n2032732 - Fix styling conflicts due to recent console-wide CSS changes\n2032831 - Knative Services and Revisions are not shown when Service has no ownerReference\n2032851 - Networking is \"not available\" in Virtualization Overview\n2032926 - Machine API components should use K8s 1.23 dependencies\n2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24\n2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster\n2033013 - Project dropdown in user preferences page is broken\n2033044 - Unable to change import strategy if devfile is invalid\n2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable\n2033111 - IBM VPC operator library bump removed global CLI args\n2033138 - \"No model registered for Templates\" shows on customize wizard\n2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected\n2033239 - [IPI on Alibabacloud] \u0027openshift-install\u0027 gets the wrong region (\u2018cn-hangzhou\u2019) selected\n2033257 - unable to use configmap for helm charts\n2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn\u2019t triggered\n2033290 - Product builds for console are failing\n2033382 - MAPO is missing machine annotations\n2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations\n2033403 - Devfile catalog does not show provider information\n2033404 - Cloud event schema is missing source type and resource field is using wrong value\n2033407 - Secure route data is not pre-filled in edit flow form\n2033422 - CNO not allowing LGW conversion from SGW in 
runtime\n2033434 - Offer darwin/arm64 oc in clidownloads\n2033489 - CCM operator failing on baremetal platform\n2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver\n2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains\n2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating \"cluster-infrastructure-02-config.yml\" status, which leads to bootstrap failed and all master nodes NotReady\n2033538 - Gather Cost Management Metrics Custom Resource\n2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined\n2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page\n2033634 - list-style-type: disc is applied to the modal dropdowns\n2033720 - Update samples in 4.10\n2033728 - Bump OVS to 2.16.0-33\n2033729 - remove runtime request timeout restriction for azure\n2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended\n2033749 - Azure Stack Terraform fails without Local Provider\n2033750 - Local volume should pull multi-arch image for kube-rbac-proxy\n2033751 - Bump kubernetes to 1.23\n2033752 - make verify fails due to missing yaml-patch\n2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource\n2034004 - [e2e][automation] add tests for VM snapshot improvements\n2034068 - [e2e][automation] Enhance tests for 4.10 downstream\n2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore\n2034097 - [OVN] After edit EgressIP object, the status is not correct\n2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning\n2034129 - blank page returned when clicking \u0027Get started\u0027 button\n2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0\n2034153 - CNO does not verify MTU migration for 
OpenShiftSDN\n2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled\n2034170 - Use function.knative.dev for Knative Functions related labels\n2034190 - unable to add new VirtIO disks to VMs\n2034192 - Prometheus fails to insert reporting metrics when the sample limit is met\n2034243 - regular user cant load template list\n2034245 - installing a cluster on aws, gcp always fails with \"Error: Incompatible provider version\"\n2034248 - GPU/Host device modal is too small\n2034257 - regular user `Create VM` missing permissions alert\n2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2034287 - do not block upgrades if we can\u0027t create storageclass in 4.10 in vsphere\n2034300 - Du validator policy is NonCompliant after DU configuration completed\n2034319 - Negation constraint is not validating packages\n2034322 - CNO doesn\u0027t pick up settings required when ExternalControlPlane topology\n2034350 - The CNO should implement the Whereabouts IP reconciliation cron job\n2034362 - update description of disk interface\n2034398 - The Whereabouts IPPools CRD should include the podref field\n2034409 - Default CatalogSources should be pointing to 4.10 index images\n2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics\n2034413 - cloud-network-config-controller fails to init with secret \"cloud-credentials\" not found in manual credential mode\n2034460 - Summary: cloud-network-config-controller does not account for different environment\n2034474 - Template\u0027s boot source is \"Unknown source\" before and after set enableCommonBootImageImport to true\n2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren\u0027t working properly\n2034493 - Change cluster version operator log level\n2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list\n2034527 - IPI deployment 
fails \u0027timeout reached while inspecting the node\u0027 when provisioning network ipv6\n2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer\n2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART\n2034537 - Update team\n2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds\n2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success\n2034577 - Current OVN gateway mode should be reflected on node annotation as well\n2034621 - context menu not popping up for application group\n2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10\n2034624 - Warn about unsupported CSI driver in vsphere operator\n2034647 - missing volumes list in snapshot modal\n2034648 - Rebase openshift-controller-manager to 1.23\n2034650 - Rebase openshift/builder to 1.23\n2034705 - vSphere: storage e2e tests logging configuration data\n2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. 
\n2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment\n2034785 - ptpconfig with summary_interval cannot be applied\n2034823 - RHEL9 should be starred in template list\n2034838 - An external router can inject routes if no service is added\n2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent\n2034879 - Lifecycle hook\u0027s name and owner shouldn\u0027t be allowed to be empty\n2034881 - Cloud providers components should use K8s 1.23 dependencies\n2034884 - ART cannot build the image because it tries to download controller-gen\n2034889 - `oc adm prune deployments` does not work\n2034898 - Regression in recently added Events feature\n2034957 - update openshift-apiserver to kube 1.23.1\n2035015 - ClusterLogForwarding CR remains stuck remediating forever\n2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster\n2035141 - [RFE] Show GPU/Host devices in template\u0027s details tab\n2035146 - \"kubevirt-plugin~PVC cannot be empty\" shows on add-disk modal while adding existing PVC\n2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting\n2035199 - IPv6 support in mtu-migration-dispatcher.yaml\n2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing\n2035250 - Peering with ebgp peer over multi-hops doesn\u0027t work\n2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices\n2035315 - invalid test cases for AWS passthrough mode\n2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env\n2035321 - Add Sprint 211 translations\n2035326 - [ExternalCloudProvider] installation with additional network on workers fails\n2035328 - Ccoctl does not ignore credentials request manifest marked for deletion\n2035333 - Kuryr orphans ports on 504 errors from Neutron\n2035348 - Fix two grammar issues in kubevirt-plugin.json strings\n2035393 - oc set data 
--dry-run=server makes persistent changes to configmaps and secrets\n2035409 - OLM E2E test depends on operator package that\u0027s no longer published\n2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address\n2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to \u0027ecs-cn-hangzhou.aliyuncs.com\u0027 timeout, although the specified region is \u0027us-east-1\u0027\n2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster\n2035467 - UI: Queried metrics can\u0027t be ordered on Oberve-\u003eMetrics page\n2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers\n2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class\n2035602 - [e2e][automation] add tests for Virtualization Overview page cards\n2035703 - Roles -\u003e RoleBindings tab doesn\u0027t show RoleBindings correctly\n2035704 - RoleBindings list page filter doesn\u0027t apply\n2035705 - Azure \u0027Destroy cluster\u0027 get stuck when the cluster resource group is already not existing. 
\n2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed\n2035772 - AccessMode and VolumeMode is not reserved for customize wizard\n2035847 - Two dashes in the Cronjob / Job pod name\n2035859 - the output of opm render doesn\u0027t contain olm.constraint which is defined in dependencies.yaml\n2035882 - [BIOS setting values] Create events for all invalid settings in spec\n2035903 - One redundant capi-operator credential requests in \u201coc adm extract --credentials-requests\u201d\n2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen\n2035927 - Cannot enable HighNodeUtilization scheduler profile\n2035933 - volume mode and access mode are empty in customize wizard review tab\n2035969 - \"ip a \" shows \"Error: Peer netns reference is invalid\" after create test pods\n2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation\n2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error\n2036029 - New added cloud-network-config operator doesn\u2019t supported aws sts format credential\n2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend\n2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes\n2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23\n2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23\n2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments\n2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists\n2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected\n2036826 - `oc adm prune deployments` can prune the RC/RS\n2036827 - The 
ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform\n2036861 - kube-apiserver is degraded while enable multitenant\n2036937 - Command line tools page shows wrong download ODO link\n2036940 - oc registry login fails if the file is empty or stdout\n2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container\n2036989 - Route URL copy to clipboard button wraps to a separate line by itself\n2036990 - ZTP \"DU Done inform policy\" never becomes compliant on multi-node clusters\n2036993 - Machine API components should use Go lang version 1.17\n2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. \n2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api\n2037073 - Alertmanager container fails to start because of startup probe never being successful\n2037075 - Builds do not support CSI volumes\n2037167 - Some log level in ibm-vpc-block-csi-controller are hard code\n2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles\n2037182 - PingSource badge color is not matched with knativeEventing color\n2037203 - \"Running VMs\" card is too small in Virtualization Overview\n2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly\n2037237 - Add \"This is a CD-ROM boot source\" to customize wizard\n2037241 - default TTL for noobaa cache buckets should be 0\n2037246 - Cannot customize auto-update boot source\n2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately\n2037288 - Remove stale image reference\n2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources\n2037483 - Rbacs for Pods within the CBO should be more restrictive\n2037484 - Bump dependencies to k8s 1.23\n2037554 - Mismatched wave number error message should include the wave numbers that are in 
conflict\n2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]\n2037635 - impossible to configure custom certs for default console route in ingress config\n2037637 - configure custom certificate for default console route doesn\u0027t take effect for OCP \u003e= 4.8\n2037638 - Builds do not support CSI volumes as volume sources\n2037664 - text formatting issue in Installed Operators list table\n2037680 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037689 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037801 - Serverless installation is failing on CI jobs for e2e tests\n2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format\n2037856 - use lease for leader election\n2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10\n2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests\n2037904 - upgrade operator deployment failed due to memory limit too low for manager container\n2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]\n2038034 - non-privileged user cannot see auto-update boot source\n2038053 - Bump dependencies to k8s 1.23\n2038088 - Remove ipa-downloader references\n2038160 - The `default` project missed the annotation : openshift.io/node-selector: \"\"\n2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional\n2038196 - must-gather is missing collecting some metal3 resources\n2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)\n2038253 - Validator Policies are long lived\n2038272 - Failures to build a PreprovisioningImage are not 
reported\n2038384 - Azure Default Instance Types are Incorrect\n2038389 - Failing test: [sig-arch] events should not repeat pathologically\n2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket\n2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips\n2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained\n2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect\n2038663 - update kubevirt-plugin OWNERS\n2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via \"oc adm groups new\"\n2038705 - Update ptp reviewers\n2038761 - Open Observe-\u003eTargets page, wait for a while, page become blank\n2038768 - All the filters on the Observe-\u003eTargets page can\u0027t work\n2038772 - Some monitors failed to display on Observe-\u003eTargets page\n2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node\n2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard\n2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation\n2038864 - E2E tests fail because multi-hop-net was not created\n2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console\n2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured\n2038968 - Move feature gates from a carry patch to openshift/api\n2039056 - Layout issue with breadcrumbs on API explorer page\n2039057 - Kind column is not wide enough in API explorer page\n2039064 - Bulk Import e2e test flaking at a high rate\n2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled\n2039085 - Cloud 
credential operator configuration failing to apply in hypershift/ROKS clusters\n2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost\n2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy\n2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator\n2039170 - [upgrade]Error shown on registry operator \"missing the cloud-provider-config configmap\" after upgrade\n2039227 - Improve image customization server parameter passing during installation\n2039241 - Improve image customization server parameter passing during installation\n2039244 - Helm Release revision history page crashes the UI\n2039294 - SDN controller metrics cannot be consumed correctly by prometheus\n2039311 - oc Does Not Describe Build CSI Volumes\n2039315 - Helm release list page should only fetch secrets for deployed charts\n2039321 - SDN controller metrics are not being consumed by prometheus\n2039330 - Create NMState button doesn\u0027t work in OperatorHub web console\n2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations\n2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. 
\n2039359 - `oc adm prune deployments` can\u0027t prune the RS where the associated Deployment no longer exists\n2039382 - gather_metallb_logs does not have execution permission\n2039406 - logout from rest session after vsphere operator sync is finished\n2039408 - Add GCP region northamerica-northeast2 to allowed regions\n2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration\n2039425 - No need to set KlusterletAddonConfig CR applicationManager-\u003eenabled: true in RAN ztp deployment\n2039491 - oc - git:// protocol used in unit tests\n2039516 - Bump OVN to ovn21.12-21.12.0-25\n2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate\n2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled\n2039541 - Resolv-prepender script duplicating entries\n2039586 - [e2e] update centos8 to centos stream8\n2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty\n2039619 - [AWS] In tree provisioner storageclass aws disk type should contain \u0027gp3\u0027 and csi provisioner storageclass default aws disk type should be \u0027gp3\u0027\n2039670 - Create PDBs for control plane components\n2039678 - Page goes blank when create image pull secret\n2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported\n2039743 - React missing key warning when open operator hub detail page (and maybe others as well)\n2039756 - React missing key warning when open KnativeServing details\n2039770 - Observe dashboard doesn\u0027t react on time-range changes after browser reload when perspective is changed in another tab\n2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard\n2039781 - [GSS] OBC is not visible by admin of a Project on Console\n2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector\n2039868 - Insights Advisor 
widget is not in the disabled state when the Insights Operator is disabled\n2039880 - Log level too low for control plane metrics\n2039919 - Add E2E test for router compression feature\n2039981 - ZTP for standard clusters installs stalld on master nodes\n2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead\n2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced\n2040143 - [IPI on Alibabacloud] suggest to remove region \"cn-nanjing\" or provide better error message\n2040150 - Update ConfigMap keys for IBM HPCS\n2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth\n2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository\n2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp\n2040376 - \"unknown instance type\" error for supported m6i.xlarge instance\n2040394 - Controller: enqueue the failed configmap till services update\n2040467 - Cannot build ztp-site-generator container image\n2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn\u0027t take affect in OpenShift 4\n2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps\n2040535 - Auto-update boot source is not available in customize wizard\n2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name\n2040603 - rhel worker scaleup playbook failed because missing some dependency of podman\n2040616 - rolebindings page doesn\u0027t load for normal users\n2040620 - [MAPO] Error pulling MAPO image on installation\n2040653 - Topology sidebar warns that another component is updated while rendering\n2040655 - User settings update fails when selecting application in topology sidebar\n2040661 - Different react warnings about updating state on unmounted components when leaving topology\n2040670 - Permafailing CI job: 
periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation\n2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi\n2040694 - Three upstream HTTPClientConfig struct fields missing in the operator\n2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers\n2040710 - cluster-baremetal-operator cannot update BMC subscription CR\n2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms\n2040782 - Import YAML page blocks input with more then one generateName attribute\n2040783 - The Import from YAML summary page doesn\u0027t show the resource name if created via generateName attribute\n2040791 - Default PGT policies must be \u0027inform\u0027 to integrate with the Lifecycle Operator\n2040793 - Fix snapshot e2e failures\n2040880 - do not block upgrades if we can\u0027t connect to vcenter\n2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10\n2041093 - autounattend.xml missing\n2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates\n2041319 - [IPI on Alibabacloud] installation in region \"cn-shanghai\" failed, due to \"Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped\"\n2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23\n2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller\n2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener\n2041441 - Provision volume with size 3000Gi even if sizeRange: \u0027[10-2000]GiB\u0027 in storageclass on IBM cloud\n2041466 - Kubedescheduler version is missing from the operator logs\n2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses\n2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing 
(controller and speaker pods)\n2041492 - Spacing between resources in inventory card is too small\n2041509 - GCP Cloud provider components should use K8s 1.23 dependencies\n2041510 - cluster-baremetal-operator doesn\u0027t run baremetal-operator\u0027s subscription webhook\n2041541 - audit: ManagedFields are dropped using API not annotation\n2041546 - ovnkube: set election timer at RAFT cluster creation time\n2041554 - use lease for leader election\n2041581 - KubeDescheduler operator log shows \"Use of insecure cipher detected\"\n2041583 - etcd and api server cpu mask interferes with a guaranteed workload\n2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure\n2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation\n2041620 - bundle CSV alm-examples does not parse\n2041641 - Fix inotify leak and kubelet retaining memory\n2041671 - Delete templates leads to 404 page\n2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category\n2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled\n2041750 - [IPI on Alibabacloud] trying \"create install-config\" with region \"cn-wulanchabu (China (Ulanqab))\" (or \"ap-southeast-6 (Philippines (Manila))\", \"cn-guangzhou (China (Guangzhou))\") failed due to invalid endpoint\n2041763 - The Observe \u003e Alerting pages no longer have their default sort order applied\n2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken\n2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied\n2041882 - cloud-network-config operator can\u0027t work normal on GCP workload identity cluster\n2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases\n2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist\n2041971 - [vsphere] Reconciliation of 
mutating webhooks didn\u0027t happen\n2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile\n2041999 - [PROXY] external dns pod cannot recognize custom proxy CA\n2042001 - unexpectedly found multiple load balancers\n2042029 - kubedescheduler fails to install completely\n2042036 - [IBMCLOUD] \"openshift-install explain installconfig.platform.ibmcloud\" contains not yet supported custom vpc parameters\n2042049 - Seeing warning related to unrecognized feature gate in kubescheduler \u0026 KCM logs\n2042059 - update discovery burst to reflect lots of CRDs on openshift clusters\n2042069 - Revert toolbox to rhcos-toolbox\n2042169 - Can not delete egressnetworkpolicy in Foreground propagation\n2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2042265 - [IBM]\"--scale-down-utilization-threshold\" doesn\u0027t work on IBMCloud\n2042274 - Storage API should be used when creating a PVC\n2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection\n2042366 - Lifecycle hooks should be independently managed\n2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway\n2042382 - [e2e][automation] CI takes more then 2 hours to run\n2042395 - Add prerequisites for active health checks test\n2042438 - Missing rpms in openstack-installer image\n2042466 - Selection does not happen when switching from Topology Graph to List View\n2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver\n2042567 - insufficient info on CodeReady Containers configuration\n2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk\n2042619 - Overview page of the console is broken for hypershift clusters\n2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running\n2042711 - [IBMCloud] Machine Deletion Hook cannot work on 
IBMCloud\n2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud\n2042770 - [IPI on Alibabacloud] with vpcID \u0026 vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly\n2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)\n2042851 - Create template from SAP HANA template flow - VM is created instead of a new template\n2042906 - Edit machineset with same machine deletion hook name succeed\n2042960 - azure-file CI fails with \"gid(0) in storageClass and pod fsgroup(1000) are not equal\"\n2043003 - [IPI on Alibabacloud] \u0027destroy cluster\u0027 of a failed installation (bug2041694) stuck after \u0027stage=Nat gateways\u0027\n2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2043043 - Cluster Autoscaler should use K8s 1.23 dependencies\n2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)\n2043078 - Favorite system projects not visible in the project selector after toggling \"Show default projects\". \n2043117 - Recommended operators links are erroneously treated as external\n2043130 - Update CSI sidecars to the latest release for 4.10\n2043234 - Missing validation when creating several BGPPeers with the same peerAddress\n2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler\n2043254 - crio does not bind the security profiles directory\n2043296 - Ignition fails when reusing existing statically-keyed LUKS volume\n2043297 - [4.10] Bootimage bump tracker\n2043316 - RHCOS VM fails to boot on Nutanix AOS\n2043446 - Rebase aws-efs-utils to the latest upstream version. \n2043556 - Add proper ci-operator configuration to ironic and ironic-agent images\n2043577 - DPU network operator\n2043651 - Fix bug with exp. 
backoff working correcly when setting nextCheck in vsphere operator\n2043675 - Too many machines deleted by cluster autoscaler when scaling down\n2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation\n2043709 - Logging flags no longer being bound to command line\n2043721 - Installer bootstrap hosts using outdated kubelet containing bugs\n2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather\n2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23\n2043780 - Bump router to k8s.io/api 1.23\n2043787 - Bump cluster-dns-operator to k8s.io/api 1.23\n2043801 - Bump CoreDNS to k8s.io/api 1.23\n2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown\n2043961 - [OVN-K] If pod creation fails, retry doesn\u0027t work as expected. \n2044201 - Templates golden image parameters names should be supported\n2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]\n2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter \u201ccsi.storage.k8s.io/fstype\u201d create pvc,pod successfully but write data to the pod\u0027s volume failed of \"Permission denied\"\n2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects\n2044347 - Bump to kubernetes 1.23.3\n2044481 - collect sharedresource cluster scoped instances with must-gather\n2044496 - Unable to create hardware events subscription - failed to add finalizers\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2044680 - Additional libovsdb performance and resource consumption fixes\n2044704 - Observe \u003e Alerting pages should not show runbook links in 4.10\n2044717 - [e2e] improve tests for upstream test environment\n2044724 - 
Remove namespace column on VM list page when a project is selected\n2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff\n2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD\n2045024 - CustomNoUpgrade alerts should be ignored\n2045112 - vsphere-problem-detector has missing rbac rules for leases\n2045199 - SnapShot with Disk Hot-plug hangs\n2045561 - Cluster Autoscaler should use the same default Group value as Cluster API\n2045591 - Reconciliation of aws pod identity mutating webhook did not happen\n2045849 - Add Sprint 212 translations\n2045866 - MCO Operator pod spam \"Error creating event\" warning messages in 4.10\n2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin\n2045916 - [IBMCloud] Default machine profile in installer is unreliable\n2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment\n2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify\n2046137 - oc output for unknown commands is not human readable\n2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance\n2046297 - Bump DB reconnect timeout\n2046517 - In Notification drawer, the \"Recommendations\" header shows when there isn\u0027t any recommendations\n2046597 - Observe \u003e Targets page may show the wrong service monitor is multiple monitors have the same namespace \u0026 label selectors\n2046626 - Allow setting custom metrics for Ansible-based Operators\n2046683 - [AliCloud]\"--scale-down-utilization-threshold\" doesn\u0027t work on AliCloud\n2047025 - Installation fails because of Alibaba CSI driver operator is degraded\n2047190 - Bump Alibaba CSI driver for 4.10\n2047238 - When using communities and localpreferences together, only localpreference gets applied\n2047255 - alibaba: 
resourceGroupID not found\n2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions\n2047317 - Update HELM OWNERS files under Dev Console\n2047455 - [IBM Cloud] Update custom image os type\n2047496 - Add image digest feature\n2047779 - do not degrade cluster if storagepolicy creation fails\n2047927 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047929 - use lease for leader election\n2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2048046 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2048048 - Application tab in User Preferences dropdown menus are too wide. \n2048050 - Topology list view items are not highlighted on keyboard navigation\n2048117 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2048413 - Bond CNI: Failed to attach Bond NAD to pod\n2048443 - Image registry operator panics when finalizes config deletion\n2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2048598 - Web terminal view is broken\n2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2048891 - Topology page is crashed\n2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2049043 - Cannot create VM from template\n2049156 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2049886 - Placeholder bug for OCP 4.10.0 metadata 
release\n2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050227 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members\n2050310 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2050370 - alert data for burn budget needs to be updated to prevent regression\n2050393 - ZTP missing support for local image registry and custom machine config\n2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2050737 - Remove metrics and events for master port offsets\n2050801 - Vsphere upi tries to access vsphere during manifests generation phase\n2050883 - Logger object in LSO does not log source location accurately\n2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n2052062 - Whereabouts should implement client-go 1.22+\n2052125 - [4.10] Crio appears to be coredumping in some scenarios\n2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 
\n2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052598 - kube-scheduler should use configmap lease\n2052599 - kube-controller-manger should use configmap lease\n2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch\n2052756 - [4.10] PVs are not being cleaned up after PVC deletion\n2053175 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2053218 - ImagePull fails with error \"unable to pull manifest from example.com/busy.box:v5 invalid reference format\"\n2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2053268 - inability to detect static lifecycle failure\n2053314 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053323 - OpenShift-Ansible BYOH Unit Tests are Broken\n2053339 - Remove dev preview badge from IBM FlashSystem deployment windows\n2053751 - ztp-site-generate container is missing convenience entrypoint\n2053945 - [4.10] Failed to apply sriov policy on intel nics\n2054109 - Missing \"app\" label\n2054154 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2054244 - Latest pipeline run should be listed on the top of the pipeline run list\n2054288 - console-master-e2e-gcp-console is broken\n2054562 - DPU network operator 4.10 branch need to sync with master\n2054897 - Unable to deploy hw-event-proxy operator\n2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing 
frequently\n2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2055371 - Remove Check which enforces summary_interval must match logSyncInterval\n2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API\n2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2056479 - ovirt-csi-driver-node pods are crashing intermittently\n2056572 - reconcilePrecaching error: cannot list resource \"clusterserviceversions\" in API group \"operators.coreos.com\" at the cluster scope\"\n2056629 - [4.10] EFS CSI driver can\u0027t unmount volumes with \"wait: no child processes\"\n2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2056948 - post 1.23 rebase: regression in service-load balancer reliability\n2057438 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2057721 - Fix Proxy support in RHACM 2.4.2\n2057724 - Image creation fails when NMstateConfig CR is empty\n2058641 - [4.10] Pod density test causing problems when using kube-burner\n2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060956 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n\n5. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3577\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/se
curity/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-9952\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-25660\nhttps://access.redhat.
com/security/cve/CVE-2020-25677\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27781\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-21684\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-30666\nhttps://access.redhat.com/security/cve/CVE-2021-30761\nhttps://access.redhat.com/security/cve/CVE-2021-30762\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-36222\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2021-39226\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43813\n
https://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0532\nhttps://access.redhat.com/security/cve/CVE-2022-21673\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL\n0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne\neGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM\nCEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF\naDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC\nY/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp\nsQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO\nRDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN\nrs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry\nbSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z\n7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT\nb5PUYUBIZLc=\n=GUDA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. 
Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fixes:\n\n* RHACM 2.1.6 images (BZ#1940581)\n\n* When generating the import cluster string, it can include unescaped\ncharacters (BZ#1934184)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation\n1934184 - When generating the import cluster string, it can include unescaped characters\n1940581 - RHACM 2.1.6 images\n\n5. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n6. 
Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd2
4-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. 
\n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nwere incorrectly listed as fixed in the RHSA for Serverless client kn\n1.16.0. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2021-3450" }, { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { 
"db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3450", "trust": 2.1 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.2 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/3", "trust": 1.2 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/2", "trust": 1.2 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/4", "trust": 1.2 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/1", "trust": 1.2 }, { "db": "TENABLE", "id": "TNS-2021-05", "trust": 1.2 }, { "db": "TENABLE", "id": "TNS-2021-09", "trust": 1.2 }, { "db": "TENABLE", "id": "TNS-2021-08", "trust": 1.2 }, { "db": "PULSESECURE", "id": "SA44845", "trust": 1.2 }, { "db": "MCAFEE", "id": "SB10356", "trust": 1.2 }, { "db": "PACKETSTORM", "id": "162337", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162196", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162383", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162201", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162183", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162151", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162197", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162189", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163257", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162172", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162307", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162200", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162013", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162041", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162699", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-388430", "trust": 0.1 }, { "db": "ICS CERT", "id": 
"ICSA-22-069-09", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-3450", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162694", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166279", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164192", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "id": "VAR-202103-1463", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388430" } ], "trust": 0.38583214499999996 }, "last_update_date": "2024-07-23T21:05:39.679000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2021/03/25/openssl_bug_fix/" }, { "title": "Red Hat: CVE-2021-3450", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-3450" }, { "title": "IBM: Security Bulletin: OpenSSL Vulnerabilities Affect IBM Sterling Connect:Express for UNIX (CVE-2021-3449, CVE-2021-3450)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=084930e972e3fa390ca483e019684fa8" }, { "title": "Arch Linux Advisories: [ASA-202103-10] openssl: multiple issues", 
"trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-10" }, { "title": "Amazon Linux 2: ALAS2-2021-1622", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1622" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-3450 log" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-openssl-2021-ghy28djd" }, { "title": "Tenable Security Advisories: [R1] Nessus 8.13.2 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-05" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-117" }, { "title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-09" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-119" }, { "title": "IBM: Security Bulletin: Vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js affect IBM Spectrum Control", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=928e1f86fc9400462623e646ce4f11d9" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220056 - security advisory" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "yr_of_the_jellyfish", "trust": 0.1, "url": "https://github.com/rnbochsr/yr_of_the_jellyfish " }, { "title": "", "trust": 0.1, "url": "https://github.com/tianocore-docs/thirdpartysecurityadvisories " }, { "title": "tekton-image-scan-trivy", "trust": 0.1, "url": "https://github.com/vinamra28/tekton-image-scan-trivy " }, { "title": "TASSL-1.1.1k", "trust": 0.1, "url": "https://github.com/jntass/tassl-1.1.1k " }, { "title": "", "trust": 0.1, "url": "https://github.com/scholarnishu/trivy-by-aquasecurity " }, { "title": "", "trust": 0.1, "url": "https://github.com/teresaweber685/book_list " }, { "title": "", "trust": 0.1, "url": "https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc " }, { "title": "", "trust": 0.1, "url": "https://github.com/fredrkl/trivy-demo " }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-3450" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd" }, { "trust": 1.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.2, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845" }, { "trust": 1.2, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013" }, { "trust": 1.2, "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "trust": 1.2, "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "trust": 1.2, "url": "https://www.tenable.com/security/tns-2021-05" }, { "trust": 1.2, "url": "https://www.tenable.com/security/tns-2021-08" }, { "trust": 1.2, "url": "https://www.tenable.com/security/tns-2021-09" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/202103-03" }, { "trust": 1.2, "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-march/000198.html" }, { "trust": 1.2, "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc" }, { "trust": 1.2, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "trust": 1.1, "url": 
"https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.9, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3537" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3518" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3516" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3517" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3541" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { 
"trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20271" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28374" }, { 
"trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-27364" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27152" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-27363" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-27365" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-0466" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-26708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-27218" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/295.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3115" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2021" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28469" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28500" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29418" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33034" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33909" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-29482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23337" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32399" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23369" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21321" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23368" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11668" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23364" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23343" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21309" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23383" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28851" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3560" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33033" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20934" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2021:3016" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3377" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21272" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29477" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27292" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21322" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23382" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33910" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9802" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-8771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9895" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8625" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44716" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8812" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3899" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8819" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-43813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3867" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8808" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3902" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25215" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3900" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30761" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2020-9805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8820" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8811" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0055" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9803" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3885" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41190" }, { "trust": 0.1, "url": 
"https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25660" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8764" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8844" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3865" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3864" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21684" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14391" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3862" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3901" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39226" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3895" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11793" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0532" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2020-9894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8816" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9915" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9952" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8766" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8846" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25677" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1369" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35149" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35149" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1199" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33198" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-34558" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3703" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, 
"sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-25T00:00:00", "db": "VULHUB", "id": "VHN-388430" }, { "date": "2021-03-25T00:00:00", "db": "VULMON", "id": "CVE-2021-3450" }, { "date": "2021-05-19T14:19:18", "db": "PACKETSTORM", "id": "162694" }, { "date": "2021-08-06T14:02:37", "db": "PACKETSTORM", "id": "163747" }, { "date": "2021-04-29T14:37:49", "db": "PACKETSTORM", "id": "162383" }, { "date": "2022-03-11T16:38:38", "db": "PACKETSTORM", "id": "166279" }, { "date": "2021-04-14T16:40:32", "db": "PACKETSTORM", "id": "162183" }, { "date": "2021-04-26T19:21:56", "db": "PACKETSTORM", "id": "162337" }, { "date": "2021-04-15T13:49:54", "db": "PACKETSTORM", "id": "162196" }, { "date": "2021-04-15T13:50:39", "db": "PACKETSTORM", "id": "162201" }, { "date": "2021-09-17T16:04:56", "db": "PACKETSTORM", "id": "164192" }, { "date": "2021-03-25T15:15:13.560000", "db": "NVD", "id": "CVE-2021-3450" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-28T00:00:00", "db": "VULHUB", "id": "VHN-388430" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-3450" }, { "date": "2023-11-07T03:38:00.923000", "db": "NVD", "id": 
"CVE-2021-3450" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2021-2021-01", "sources": [ { "db": "PACKETSTORM", "id": "162694" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162383" } ], "trust": 0.2 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201805-1189">var-201805-1189</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack. Spring Framework contains an input validation vulnerability that may interrupt service operation (DoS). Spring Framework is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Spring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. 
The framework helps developers build high-quality applications. Description:</p> <p>Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. For further information, refer to the Release Notes linked to in the References section. </p> <p>Security Fix(es):</p> <ul> <li> <p>spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)</p> </li> <li> <p>spring-data: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)</p> </li> <li> <p>spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration 1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat Fuse 7.2 security update Advisory ID: RHSA-2018:3768-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:3768 Issue date: 2018-12-04 CVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update is now available for Red Hat Fuse. 
</p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. </p> <p>Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently. </p> <p>This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. </p> <p>Security Fix(es):</p> <ul> <li> <p>xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003)</p> </li> <li> <p>tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)</p> </li> <li> <p>ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint (CVE-2018-8018)</p> </li> <li> <p>apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)</p> </li> <li> <p>xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002)</p> </li> <li> <p>undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)</p> </li> <li> <p>spring-data-commons: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)</p> </li> <li> <p>kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss (CVE-2018-1288)</p> </li> <li> <p>tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)</p> </li> <li> 
<p>camel-mail: path traversal vulnerability (CVE-2018-8041)</p> </li> <li> <p>vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537)</p> </li> <li> <p>spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Red Hat would like to thank Eedo Shapira (GE Digital) for reporting CVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat). </p> <ol> <li>Solution:</li> </ol> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Installation instructions are located in the download section of the customer portal. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication 1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD 1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag 1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration 1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins 1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers 1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS 1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint 1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss 1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2016-5002 https://access.redhat.com/security/cve/CVE-2016-5003 https://access.redhat.com/security/cve/CVE-2017-12196 https://access.redhat.com/security/cve/CVE-2018-1257 https://access.redhat.com/security/cve/CVE-2018-1259 https://access.redhat.com/security/cve/CVE-2018-1288 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-8014 https://access.redhat.com/security/cve/CVE-2018-8018 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-8041 https://access.redhat.com/security/cve/CVE-2018-12537 
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/ https://access.redhat.com/articles/2939351</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B RWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI 87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF Ea+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/ BVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4 ahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H bcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S WlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf dbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9 1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA e4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g UOgTm4iHIhQ= =RCpd -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201805-1189" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="btn-group" role="group"> <a role="button" class="btn btn-primary" data-bs-toggle="collapse" data-bs-target="#collapseJsonvar-201805-1189" aria-expanded="false" aria-controls="collapseJsonvar-201805-1189"> JSON <svg class="bi" width="1em" height="1em" fill="currentColor"> <use xlink:href="/bootstrap/static/icons/bootstrap-icons.svg#chevron-down"/> 
</svg> </a> </div> <div class="collapse" 
id="collapseJsonvar-201805-1189"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201805-1189">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1189", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openshift", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": null }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "12.3.3" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.2.1" }, { "model": "hospitality guest access", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2.0" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.0.0.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.4" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.3.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications performance intelligence center", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "10.2.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "tape library acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.1" }, { "model": "agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "big data discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0.0" }, { "model": "communications services gatekeeper", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "6.1.0.4.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "enterprise manager 
base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.5.0" }, { "model": "utilities network management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.12.0.3" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0.3" }, { "model": "endeca information discovery integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.1" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "service architecture leveraging tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.0" }, { "model": "communications converged application server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.0.0.1" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.2" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.1.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "4.3.17" }, { "model": "agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.5" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": 
"enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.1" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.2.0.1" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.1.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.1.1" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.0.6" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3.0" }, { "model": "enterprise manager for mysql database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2" }, { "model": "service architecture leveraging tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" 
}, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0" }, { "model": "agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.3" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.4" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0.0" }, { "model": "communications diameter signaling router", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "8.3" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.0.0" }, { "model": "endeca information discovery integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.1.0" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.0" }, { "model": "hospitality guest access", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2.1" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "health sciences 
information manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.8, "vendor": "pivotal", "version": "4.3.17" }, { "model": "openshift", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "spring framework", "scope": "lt", "trust": 0.8, "vendor": "pivotal", "version": "4.3.x" }, { "model": "spring framework", "scope": "lt", "trust": 0.8, "vendor": "pivotal", "version": "5.0.x" }, { "model": "spring framework", "scope": "eq", "trust": 0.8, "vendor": "pivotal", "version": "5.0.6" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "5.0.1" }, { "model": "spring framework", "scope": "ne", "trust": 0.3, "vendor": "pivotal", "version": "4.3.17" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "5.0.4" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "5.0.2" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "5.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "5.0.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3.15" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3.14" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "5.0.5" }, { "model": "spring framework", "scope": "ne", "trust": 0.3, "vendor": "pivotal", "version": "5.0.6" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3.16" } ], "sources": [ { "db": "BID", "id": "104260" }, { "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "db": "NVD", "id": "CVE-2018-1257" }, { "db": "CNNVD", "id": 
"CNNVD-201805-405" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.17", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-1257" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.", "sources": [ { "db": "BID", "id": "104260" } ], "trust": 0.3 }, "cve": "CVE-2018-1257", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-1257", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-122542", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", 
"baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-1257", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-1257", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201805-405", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-122542", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-1257", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-122542" }, { "db": "VULMON", "id": "CVE-2018-1257" }, { "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "db": "NVD", "id": "CVE-2018-1257" }, { "db": "CNNVD", "id": "CNNVD-201805-405" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. 
Spring Framework contains an input validation vulnerability. Service operation may be interrupted (DoS). Spring Framework is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nSpring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description:\n\nRed Hat Openshift Application Runtimes provides an application platform\nthat reduces the complexity of developing and operating applications\n(monoliths and microservices) for OpenShift as a containerized platform. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)\n\n* spring-data: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)\n\n* spring-security-oauth2: Remote Code Execution with spring-security-oauth2\n(CVE-2018-1260)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging\n1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration\n1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process\n\n5. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat Fuse 7.2 security update\nAdvisory ID: RHSA-2018:3768-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3768\nIssue date: 2018-12-04\nCVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 \n CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 \n CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 \n CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat Fuse. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse enables integration experts, application developers, and\nbusiness users to collaborate and independently develop connected\nsolutions. \n\nFuse is part of an agile integration solution. Its distributed approach\nallows teams to deploy integrated services where required. The API-centric,\ncontainer-based architecture decouples services so they can be created,\nextended, and deployed independently. \n\nThis release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse\n7.1, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. 
\n\nSecurity Fix(es):\n\n* xmlrpc: Deserialization of untrusted Java object through\n\u003cex:serializable\u003e tag (CVE-2016-5003)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* ignite: Improper deserialization allows for code execution via\nGridClientJdkMarshaller endpoint (CVE-2018-8018)\n\n* apache-cxf: TLS hostname verification does not work correctly with\ncom.sun.net.ssl.* (CVE-2018-8039)\n\n* xmlrpc: XML external entity vulnerability SSRF via a crafted DTD\n(CVE-2016-5002)\n\n* undertow: Client can use bogus uri in Digest authentication\n(CVE-2017-12196)\n\n* spring-data-commons: XXE with Spring Dataas XMLBeam integration\n(CVE-2018-1259)\n\n* kafka: Users can perform Broker actions via crafted fetch requests,\ninterfering with data replication and causing data lass (CVE-2018-1288)\n\n* tomcat: Insecure defaults in CORS filter enable \u0027supportsCredentials\u0027 for\nall origins (CVE-2018-8014)\n\n* camel-mail: path traversal vulnerability (CVE-2018-8041)\n\n* vertx: Improper neutralization of CRLF sequences allows remote attackers\nto inject arbitrary HTTP response headers (CVE-2018-12537)\n\n* spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Eedo Shapira (GE Digital) for reporting\nCVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red\nHat). \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication\n1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD\n1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through \u003cex:serializable\u003e tag\n1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging\n1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration\n1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable \u0027supportsCredentials\u0027 for all origins\n1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers\n1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*\n1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS\n1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint\n1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass\n1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability\n\n5. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-5002\nhttps://access.redhat.com/security/cve/CVE-2016-5003\nhttps://access.redhat.com/security/cve/CVE-2017-12196\nhttps://access.redhat.com/security/cve/CVE-2018-1257\nhttps://access.redhat.com/security/cve/CVE-2018-1259\nhttps://access.redhat.com/security/cve/CVE-2018-1288\nhttps://access.redhat.com/security/cve/CVE-2018-1336\nhttps://access.redhat.com/security/cve/CVE-2018-8014\nhttps://access.redhat.com/security/cve/CVE-2018-8018\nhttps://access.redhat.com/security/cve/CVE-2018-8039\nhttps://access.redhat.com/security/cve/CVE-2018-8041\nhttps://access.redhat.com/security/cve/CVE-2018-12537\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=7.2.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/\nhttps://access.redhat.com/articles/2939351\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B\nRWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI\n87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF\nEa+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/\nBVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4\nahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H\nbcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S\nWlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf\ndbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9\n1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA\ne4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g\nUOgTm4iHIhQ=\n=RCpd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-1257" }, { "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "db": "BID", "id": "104260" }, { "db": "VULHUB", "id": "VHN-122542" }, { "db": "VULMON", "id": "CVE-2018-1257" }, { "db": "PACKETSTORM", "id": "148079" }, { "db": "PACKETSTORM", "id": "150645" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1257", "trust": 3.1 }, { "db": "BID", "id": "104260", "trust": 2.1 }, { "db": "JVNDB", "id": "JVNDB-2018-005091", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-405", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "148079", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-122542", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-1257", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150645", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-122542" }, 
{ "db": "VULMON", "id": "CVE-2018-1257" }, { "db": "BID", "id": "104260" }, { "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "db": "PACKETSTORM", "id": "148079" }, { "db": "PACKETSTORM", "id": "150645" }, { "db": "NVD", "id": "CVE-2018-1257" }, { "db": "CNNVD", "id": "CNNVD-201805-405" } ] }, "id": "VAR-201805-1189", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-122542" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:14:21.447000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-1257: ReDoS Attack with spring-messaging", "trust": 0.8, "url": "https://pivotal.io/security/cve-2018-1257" }, { "title": "RHSA-2018:1809", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2018:1809" }, { "title": "Pivotal Spring Framework Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80032" }, { "title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20181809 - security advisory" }, { "title": "Red Hat: CVE-2018-1257", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1257" }, { "title": "Red Hat: Important: Red Hat Fuse 7.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183768 - security advisory" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37" }, { "title": "cybsec", "trust": 0.1, "url": "https://github.com/ilmari666/cybsec " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1257" }, { "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "db": "CNNVD", "id": "CNNVD-201805-405" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-122542" }, { "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "db": "NVD", "id": "CVE-2018-1257" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/104260" }, { "trust": 2.1, "url": "https://pivotal.io/security/cve-2018-1257" }, { "trust": 2.0, "url": "https://access.redhat.com/errata/rhsa-2018:1809" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:3768" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.8, "url": 
"https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1257" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1257" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/" }, { "trust": 0.3, "url": "http://pivotal.io/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1259" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1257" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/ilmari666/cybsec" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57884" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=catrhoar.spring.boot\u0026downloadtype=distributions\u0026version=1.5.13" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1260" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5003" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8014" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=7.2.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8041" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1288" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5002" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1336" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5002" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8039" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8039" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12537" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2939351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8014" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-8041" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-12196" } ], "sources": [ { "db": "VULHUB", "id": "VHN-122542" }, { "db": "VULMON", "id": "CVE-2018-1257" }, { "db": "BID", "id": "104260" }, { "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "db": "PACKETSTORM", "id": "148079" }, { "db": "PACKETSTORM", "id": "150645" }, { "db": "NVD", "id": "CVE-2018-1257" }, { "db": "CNNVD", "id": "CNNVD-201805-405" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-122542" }, { "db": "VULMON", "id": "CVE-2018-1257" }, { "db": "BID", "id": "104260" }, { "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "db": "PACKETSTORM", "id": "148079" }, { "db": "PACKETSTORM", "id": "150645" }, { "db": "NVD", "id": "CVE-2018-1257" }, { "db": "CNNVD", "id": "CNNVD-201805-405" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-11T00:00:00", "db": "VULHUB", "id": "VHN-122542" }, { "date": "2018-05-11T00:00:00", "db": "VULMON", "id": "CVE-2018-1257" }, { "date": "2018-05-09T00:00:00", "db": "BID", "id": "104260" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "date": "2018-06-07T15:16:13", "db": "PACKETSTORM", "id": "148079" }, { "date": "2018-12-06T02:15:34", "db": "PACKETSTORM", "id": "150645" }, { "date": "2018-05-11T20:29:00.213000", "db": "NVD", "id": "CVE-2018-1257" }, { "date": "2018-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-405" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-122542" }, { "date": "2022-06-23T00:00:00", "db": "VULMON", "id": "CVE-2018-1257" }, { "date": 
"2018-05-09T00:00:00", "db": "BID", "id": "104260" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005091" }, { "date": "2022-06-23T16:31:30.630000", "db": "NVD", "id": "CVE-2018-1257" }, { "date": "2021-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-405" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-405" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005091" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "104260" }, { "db": "CNNVD", "id": "CNNVD-201805-405" } ], "trust": 0.9 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1787">var-202003-1787</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
A denial-of-service (DoS) condition may result. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. In practice the flaw matters where an application deserializes untrusted JSON with polymorphic type handling enabled and the affected org.apache.activemq classes are on the classpath; upgrading to 2.9.10.4 or later addresses it. No further details about this vulnerability are currently available; watch CNNVD or vendor announcements. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model &amp; Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)</p> </li> <li> <p>jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, 
CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)</p> </li> <li> <p>keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)</p> </li> <li> <p>keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)</p> </li> <li> <p>keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)</p> </li> <li> <p>keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)</p> </li> <li> <p>keycloak: cross-realm user access auth bypass (CVE-2019-14832)</p> </li> <li> <p>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</p> </li> <li> <p>SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)</p> </li> <li> <p>xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)</p> </li> </ul> <p>For more details about the 
security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update. </p> <p>NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes</p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:</p> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. 
Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: 
Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)</p> </li> <li> <p>jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1787" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="btn-group" role="group"> <a role="button" class="btn btn-primary" data-bs-toggle="collapse" data-bs-target="#collapseJsonvar-202003-1787" aria-expanded="false" 
title="Copy to clipboard" aria-label="Copy to clipboard" onclick="copyToClipboard('var-202003-1787')" vuln-id="var-202003-1787" href="#">To clipboard</a> </div> <div class="collapse" id="collapseJsonvar-202003-1787"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1787">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1787", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, 
"data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail xstore point of service", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone 
orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "configurations": 
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": 
"8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11111" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" } ], "trust": 1.4 }, "cve": "CVE-2020-11111", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": 
"MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003615", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163657", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-11111", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003615", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11111", "trust": 1.0, "value": "HIGH" }, { "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-11111", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003615", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202003-1737", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163657", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-11111", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "db": "NVD", "id": "CVE-2020-11111" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). 
FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, 
CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. 
\n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. 
\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11111", "trust": 3.4 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": 
"PACKETSTORM", "id": "160601", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003615", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1737", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157322", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1399", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4471", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48395", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-21474", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163657", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-11111", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "id": "VAR-202003-1787", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": 
"VHN-163657" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:10:30.703000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (activemq-pool[-jms], CVE-2020-11111) #2664", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2664" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115371" }, { "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "IBM: Security 
Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "references": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2664" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11111" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": 
"https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-activemq-serialization-gadgets-typing-32063" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, 
"url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48395" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:5625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { 
"trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2020:1414" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2333" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1732" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { 
"db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163657" }, { "db": "VULMON", "id": "CVE-2020-11111" }, { "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "db": "NVD", "id": "CVE-2020-11111" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-31T00:00:00", "db": "VULHUB", "id": "VHN-163657" }, { "date": "2020-03-31T00:00:00", "db": "VULMON", "id": "CVE-2020-11111" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-12-17T18:09:37", "db": "PACKETSTORM", "id": "160601" }, { "date": "2020-05-28T16:22:46", "db": "PACKETSTORM", "id": "157859" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-04-21T14:19:58", "db": "PACKETSTORM", "id": "157322" }, { "date": "2020-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1737" }, { 
"date": "2020-03-31T05:15:13.007000", "db": "NVD", "id": "CVE-2020-11111" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-10T00:00:00", "db": "VULHUB", "id": "VHN-163657" }, { "date": "2021-12-10T00:00:00", "db": "VULMON", "id": "CVE-2020-11111" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003615" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1737" }, { "date": "2024-07-03T01:36:10.713000", "db": "NVD", "id": "CVE-2020-11111" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1737" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003615" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1737" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0263">var-200904-0263</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 
allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. 
</p> <p>PROCEDURE GRANT_TYPE_ACCESS( USER_NAME IN VARCHAR2) IS</p> <p>GRANT_TXT VARCHAR2(100); GRANT_OPT VARCHAR2(20) := ' with grant option'; BEGIN</p> <p>EXECUTE_STMT( 'grant execute on sys.aq$_agent to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_subscribers to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_recipients to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_history to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);</p> <p>[...]</p> <p>In the excerpt above, every GRANT statement is assembled by concatenating the caller-supplied USER_NAME into the statement text that is handed to EXECUTE_STMT, and no validation of the name is visible in the quoted lines; this construction is the basis of the SQL injection claim. Bind variables cannot stand in for an identifier in dynamic DDL, so the usual defence is to validate the name before concatenation, for example with DBMS_ASSERT.ENQUOTE_NAME or DBMS_ASSERT.SIMPLE_SQL_NAME.</p> <p>Patch Information: Apply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0263" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0263"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0263">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0263", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 9i", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2.0.8" }, { "model": "database 9i", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2.0.8dv" }, { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.3" }, { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.3" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.8" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.8dv" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": 
"eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems 
weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 
0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001223" }, { "db": "NVD", "id": "CVE-2009-0977" }, { "db": "CNNVD", "id": "CNNVD-200904-296" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0977" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-296" } ], "trust": 0.6 }, "cve": "CVE-2009-0977", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0977", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0977", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-296", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001223" }, { "db": "NVD", "id": "CVE-2009-0977" }, { "db": "CNNVD", "id": "CNNVD-200904-296" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. 
Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. \n\nPROCEDURE GRANT_TYPE_ACCESS( USER_NAME IN VARCHAR2) IS\n\nGRANT_TXT VARCHAR2(100);\nGRANT_OPT VARCHAR2(20) := \u0027 with grant option\u0027;\nBEGIN\n\nEXECUTE_STMT( \u0027grant execute on sys.aq$_agent to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_dequeue_history to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_subscribers to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_recipients to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_history to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_dequeue_history to \u0027|| USER_NAME||GRANT_OPT);\n\n[...]\n\n\nPatch Information\nApply the patches for Oracle CPU April 2009. 
The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0977" }, { "db": "JVNDB", "id": "JVNDB-2009-001223" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76730" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0977", "trust": 2.8 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001223", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20090416 SQL INJECTION IN PACKAGE DBMS_AQADM_SYS", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-296", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76730", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001223" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76730" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": 
"CVE-2009-0977" }, { "db": "CNNVD", "id": "CNNVD-200904-296" } ] }, "id": "VAR-200904-0263", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:33:52.207000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001223" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0977" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.9, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 1.3, 
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/502727/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0977" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0977" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/502727/100/0/threaded" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" 
}, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0977" }, { "trust": 0.1, "url": "http://www.oracle.com/" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": 
"http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001223" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76730" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0977" }, { "db": "CNNVD", "id": "CNNVD-200904-296" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001223" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76730" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0977" }, { "db": "CNNVD", "id": "CNNVD-200904-296" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001223" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-16T21:53:18", "db": "PACKETSTORM", "id": "76730" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.407000", "db": "NVD", "id": "CVE-2009-0977" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-296" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001223" }, { "date": "2018-10-10T19:32:40.630000", "db": "NVD", "id": "CVE-2009-0977" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-296" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-296" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Advanced Queuing Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001223" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-296" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0271">var-200904-0271</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. 
</p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "FLOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0271" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a>
<div class="collapse" id="collapseJsonvar-200904-0271"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0271">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0271", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi 
publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server 
sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" 
}, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001220" }, { "db": "NVD", "id": "CVE-2009-0985" }, { "db": "CNNVD", 
"id": "CNNVD-200904-304" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0985" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-304" } ], "trust": 0.6 }, "cve": "CVE-2009-0985", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, 
"confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.1, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2009-0985", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0985", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-304", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001220" }, { "db": "NVD", "id": "CVE-2009-0985" }, { "db": "CNNVD", "id": "CNNVD-200904-304" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. 
\n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0985" }, { "db": "JVNDB", "id": "JVNDB-2009-001220" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0985", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001220", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-304", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001220" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0985" }, { "db": "CNNVD", "id": "CNNVD-200904-304" } ] }, "id": "VAR-200904-0271", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:57:02.210000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001220" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0985" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0985" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0985" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001220" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0985" }, { "db": "CNNVD", "id": "CNNVD-200904-304" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001220" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0985" }, { "db": "CNNVD", "id": "CNNVD-200904-304" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001220" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.547000", "db": "NVD", "id": "CVE-2009-0985" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-304" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001220" }, { "date": "2012-10-23T03:04:25.787000", "db": "NVD", "id": "CVE-2009-0985" }, { "date": "2009-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-304" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-304" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Core RDBMS Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001220" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-304" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201102-0003">var-201102-0003</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1016. Reason: This candidate is a reservation duplicate of CVE-2009-1016. Notes: All CVE users should reference CVE-2009-1016 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ====================================================================== </p> <pre><code> Secunia Research 15/04/2009 </code></pre> <ul> <li>Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow -</li> </ul> <p>====================================================================== Table of Contents</p> <p>Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10</p> <p>====================================================================== 1) Affected Software </p> <ul> <li>Oracle BEA WebLogic Server Plug-ins version 1.0.1166189. </li> </ul> <p>NOTE: Other versions may also be affected. 
</p> <p>====================================================================== 2) Severity </p> <p>Rating: Highly critical Impact: System access Where: From Remote</p> <p>====================================================================== 3) Vendor's Description of Software </p> <p>"... the world's best application server for building and deploying enterprise applications and services ...". </p> <p>Product Link: http://www.oracle.com/technology/products/weblogic/index.html</p> <p>====================================================================== 4) Description of Vulnerability</p> <p>Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. </p> <p>The Oracle BEA WebLogic Server can be configured to receive requests via an Apache web server. In this case, a plug-in is installed in the Internet-facing web server that passes the request to a WebLogic server. </p> <p>The Apache web server may be configured to accept SSL connections and forward the request to the WebLogic server along with any SSL-related information. If the SSL client supplies a certificate (and the Apache server is configured to accept it), then the certificate is passed to the WebLogic plug-in via an environment variable. </p> <p>The vulnerability is caused by a boundary error when parsing certificates and can be exploited to cause a stack-based buffer overflow by supplying a specially crafted certificate. </p> <p>Successful exploitation may allow execution of arbitrary code. </p> <p>====================================================================== 5) Solution </p> <p>Apply patches released by the vendor. </p> <p>====================================================================== 6) Time Table </p> <p>01/03/2009 - Vendor notified. 06/03/2009 - Vendor confirms vulnerability. 17/03/2009 - Vendor provides preliminary patch. 15/04/2009 - Public disclosure. 
</p> <p>====================================================================== 7) Credits </p> <p>Discovered by Dyon Balding, Secunia Research. </p> <p>====================================================================== 8) References</p> <p>The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-0190 for the vulnerability. </p> <p>====================================================================== 9) About Secunia</p> <p>Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:</p> <p>http://secunia.com/advisories/business_solutions/</p> <p>Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. </p> <p>http://secunia.com/advisories/</p> <p>Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:</p> <p>http://secunia.com/secunia_research/</p> <p>Secunia regularly hires new skilled team members. 
Check the URL below to see currently vacant positions:</p> <p>http://secunia.com/corporate/jobs/</p> <p>Secunia offers a FREE mailing list called Secunia Security Advisories:</p> <p>http://secunia.com/advisories/mailing_lists/</p> <p>====================================================================== 10) Verification </p> <p>Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2009-23/</p> <p>Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/</p> <p>======================================================================</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201102-0003" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201102-0003"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201102-0003">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" },
"patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0003", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": 
"systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dyon Balding of 
Secunia Research, Joshua J. Drake of iDefense, Gerhard Eschelbeck of Qualys, Inc., Esteban Martinez Fayo of Application Security, Inc., Franz Huell of Red Database Security, Mike Janowski of Neohapsis, Inc., Joxean Koret, Joxean Koret of Ti", "sources": [ { "db": "BID", "id": "34461" } ], "trust": 0.3 }, "cve": "CVE-2009-0190", "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1016. Reason: This candidate is a reservation duplicate of CVE-2009-1016. Notes: All CVE users should reference CVE-2009-1016 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
====================================================================== \n\n Secunia Research 15/04/2009\n\n - Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow -\n\n====================================================================== \nTable of Contents\n\nAffected Software....................................................1\nSeverity.............................................................2\nVendor\u0027s Description of Software.....................................3\nDescription of Vulnerability.........................................4\nSolution.............................................................5\nTime Table...........................................................6\nCredits..............................................................7\nReferences...........................................................8\nAbout Secunia........................................................9\nVerification........................................................10\n\n====================================================================== \n1) Affected Software \n\n* Oracle BEA WebLogic Server Plug-ins version 1.0.1166189. \n\nNOTE: Other versions may also be affected. \n\n====================================================================== \n2) Severity \n\nRating: Highly critical\nImpact: System access\nWhere: From Remote\n\n====================================================================== \n3) Vendor\u0027s Description of Software \n\n\"... the world\u0027s best application server for building and deploying\nenterprise applications and services ...\". \n\nProduct Link:\nhttp://www.oracle.com/technology/products/weblogic/index.html\n\n====================================================================== \n4) Description of Vulnerability\n\nSecunia Research has discovered a vulnerability in the Oracle BEA\nWebLogic Server plug-ins for web servers, which can be exploited by\nmalicious people to compromise a vulnerable system. 
\n\nThe Oracle BEA WebLogic Server can be configured to receive requests\nvia an Apache web server. In this case, a plug-in is installed in the\nInternet-facing web server that passes the request to a WebLogic\nserver. \n\nThe Apache web server may be configured to accept SSL connections and\nforward the request to the WebLogic server along with any SSL-related\ninformation. If the SSL client supplies a certificate (and the Apache\nserver is configured to accept it), then the certificate is passed to\nthe WebLogic plug-in via an environment variable. \n\nThe vulnerability is caused by a boundary error when parsing \ncertificates and can be exploited to cause a stack-based buffer \noverflow by supplying a specially crafted certificate. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n====================================================================== \n5) Solution \n\nApply patches released by the vendor. \n\n====================================================================== \n6) Time Table \n\n01/03/2009 - Vendor notified. \n06/03/2009 - Vendor confirms vulnerability. \n17/03/2009 - Vendor provides preliminary patch. \n15/04/2009 - Public disclosure. \n\n====================================================================== \n7) Credits \n\nDiscovered by Dyon Balding, Secunia Research. \n\n====================================================================== \n8) References\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nCVE-2009-0190 for the vulnerability. 
\n\n====================================================================== \n9) About Secunia\n\nSecunia offers vulnerability management solutions to corporate\ncustomers with verified and reliable vulnerability intelligence\nrelevant to their specific system configuration:\n\nhttp://secunia.com/advisories/business_solutions/\n\nSecunia also provides a publicly accessible and comprehensive advisory\ndatabase as a service to the security community and private \nindividuals, who are interested in or concerned about IT-security. \n\nhttp://secunia.com/advisories/\n\nSecunia believes that it is important to support the community and to\ndo active vulnerability research in order to aid improving the \nsecurity and reliability of software in general:\n\nhttp://secunia.com/secunia_research/\n\nSecunia regularly hires new skilled team members. Check the URL below\nto see currently vacant positions:\n\nhttp://secunia.com/corporate/jobs/\n\nSecunia offers a FREE mailing list called Secunia Security Advisories:\n\nhttp://secunia.com/advisories/mailing_lists/\n\n====================================================================== \n10) Verification \n\nPlease verify this advisory by visiting the Secunia website:\nhttp://secunia.com/secunia_research/2009-23/\n\nComplete list of vulnerability reports published by Secunia Research:\nhttp://secunia.com/secunia_research/\n\n======================================================================\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0190" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76692" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0190", "trust": 1.4 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.3 }, { "db": "BID", "id": "34461", "trust": 0.3 }, { "db": 
"PACKETSTORM", "id": "76692", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76692" }, { "db": "NVD", "id": "CVE-2009-0190" } ] }, "id": "VAR-201102-0003", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:38:37.896000Z", "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.6, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/products/weblogic/index.html" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/" }, { "trust": 0.1, "url": "http://secunia.com/corporate/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/mailing_lists/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0190" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76692" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76692" }, { "db": "NVD", "id": "CVE-2009-0190" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-04-15T21:09:02", "db": "PACKETSTORM", "id": "76692" }, { "date": "2011-02-01T19:00:39.033000", "db": "NVD", "id": "CVE-2009-0190" } 
] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2023-11-07T02:03:35.157000", "db": "NVD", "id": "CVE-2009-0190" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "34461" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle April 2009 Critical Patch Update Multiple Vulnerabilities", "sources": [ { "db": "BID", "id": "34461" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "34461" } ], "trust": 0.3 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0278">var-200904-0278</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. 
Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Oracle Process Manager and Notification (opmn) daemon which is an HTTP daemon listening on a TCP port above 6000. Exploitation of this issue can result in arbitrary code execution. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-017 April 14, 2009</p> <p>-- Affected Vendors: Oracle</p> <p>-- Affected Products: Oracle Application Server</p> <p>-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5729. 
Authentication is not required to exploit this vulnerability. More details can be found at:</p> <p>http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>-- Disclosure Timeline: 2007-11-07 - Vulnerability reported to vendor 2009-04-14 - Coordinated public release of advisory</p> <p>-- Credit: This vulnerability was discovered by: * Joxean Koret</p> <p>-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. </p> <p>Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:</p> <pre><code>http://www.zerodayinitiative.com </code></pre> <p>The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. </p> <p>Our vulnerability disclosure policy is available online at:</p> <pre><code>http://www.zerodayinitiative.com/advisories/disclosure_policy/ </code></pre> <p>. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. 
If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. 
</p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. 
* Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0278" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0278"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0278">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0278", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "application server", "scope": null, "trust": 0.7, "vendor": "oracle", "version": null }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": 
"eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-09-017" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "db": "NVD", "id": "CVE-2009-0993" }, { "db": "CNNVD", "id": "CNNVD-200904-311" } ] }, "configurations": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0993" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Joxean Koret", "sources": [ { "db": "ZDI", "id": "ZDI-09-017" } ], "trust": 0.7 }, "cve": "CVE-2009-0993", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": 
null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0993", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0993", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-311", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2009-0993", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-0993" }, { "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "db": "NVD", "id": "CVE-2009-0993" }, { "db": "CNNVD", "id": "CNNVD-200904-311" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Oracle Process Manager and Notification (opmn) daemon which is an HTTP daemon listening on a TCP port above 6000. Exploitation of this issue can result in arbitrary code execution. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017\nApril 14, 2009\n\n-- Affected Vendors:\nOracle\n\n-- Affected Products:\nOracle Application Server\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 5729. Authentication\nis not required to exploit this vulnerability. 
More\ndetails can be found at:\n\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpua\npr2009.html\n\n-- Disclosure Timeline:\n2007-11-07 - Vulnerability reported to vendor\n2009-04-14 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n * Joxean Koret\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. 
Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0993" }, { "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "db": "ZDI", "id": "ZDI-09-017" }, { "db": "BID", "id": "34461" }, { "db": "VULMON", "id": "CVE-2009-0993" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76656" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0993", "trust": 3.5 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 2.9 }, { "db": "SECUNIA", "id": "34693", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.6 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 2.0 }, { "db": "XF", "id": "50030", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001235", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-248", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-200904-311", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2009-0993", "trust": 0.1 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76656", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-09-017" }, { "db": "VULMON", "id": "CVE-2009-0993" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "db": 
"PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76656" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0993" }, { "db": "CNNVD", "id": "CNNVD-200904-311" } ] }, "id": "VAR-200904-0278", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:49:41.399000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 1.5, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" }, { "title": "Oracle Application Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156679" } ], "sources": [ { "db": "ZDI", "id": "ZDI-09-017" }, { "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "db": "CNNVD", "id": "CNNVD-200904-311" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0993" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.5, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.8, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50030" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/502683/100/0/threaded" }, { "trust": 1.4, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0993" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/50030" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0993" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, 
{ "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": 
"http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpua" }, { "trust": 0.1, "url": "http://www.tippingpoint.com" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-09-017" }, { "db": "VULMON", "id": "CVE-2009-0993" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76656" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0993" }, { "db": "CNNVD", "id": "CNNVD-200904-311" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-09-017" }, { "db": "VULMON", "id": "CVE-2009-0993" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76656" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0993" }, { "db": "CNNVD", "id": "CNNVD-200904-311" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-14T00:00:00", "db": "ZDI", "id": "ZDI-09-017" }, { "date": "2009-04-15T00:00:00", "db": "VULMON", "id": "CVE-2009-0993" }, { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T00:10:45", "db": "PACKETSTORM", "id": "76656" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.687000", "db": "NVD", "id": "CVE-2009-0993" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-311" } ] }, 
"sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-14T00:00:00", "db": "ZDI", "id": "ZDI-09-017" }, { "date": "2018-10-10T00:00:00", "db": "VULMON", "id": "CVE-2009-0993" }, { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001235" }, { "date": "2021-07-13T17:54:49.170000", "db": "NVD", "id": "CVE-2009-0993" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-311" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76656" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-311" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of OPMN Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001235" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-311" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0264">var-200904-0264</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 
and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>Team SHATTER Security Advisory</p> <p>Oracle Database SQL Injection vulnerability in LT.ROLLBACKWORKSPACE</p> <p>May 4, 2009</p> <p>Risk Level: High</p> <p>Affected versions: Oracle Database Server version 10gR1</p> <p>Remote exploitable: Yes (Authentication to Database Server is needed)</p> <p>Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. </p> <p>Details: Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in the ROLLBACKWORKSPACE procedure. Depending on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, which depending on the system configuration can be SYS or WMSYS. </p> <p>Impact: By default [WM]SYS.LT has EXECUTE permission to PUBLIC so any Oracle Database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS or WMSYS privileges. 
</p> <p>Vendor Status: Vendor was contacted and a patch was released. </p> <p>Workaround: Restrict access to the [WM]SYS.LT package; as the Impact section notes, the exposure comes from the EXECUTE permission granted to PUBLIC by default. This is an interim measure, and the vendor patch noted under Vendor Status remains the fix. </p> <p>CVE: CVE-2009-0978</p> <p>Links: Application Security, Inc advisory: http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>Timeline: Vendor Notification - 8/22/2007 Fix - 4/14/2009 Public Disclosure - 5/04/2009</p> <p>Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. 
The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third-party patches; use only those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0264" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0264"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0264">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0264", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { 
"model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { 
"model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { 
"model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001228" }, { "db": "NVD", "id": "CVE-2009-0978" }, { "db": "CNNVD", "id": "CNNVD-200904-297" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": 
"@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0978" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-297" } ], "trust": 0.6 }, "cve": "CVE-2009-0978", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", 
"version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0978", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0978", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-297", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001228" }, { "db": "NVD", "id": "CVE-2009-0978" }, { "db": "CNNVD", "id": "CNNVD-200904-297" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTeam SHATTER Security Advisory\n\nOracle Database SQL Injection vulnerability in LT.ROLLBACKWORKSPACE\n\nMay 4, 2009\n\nRisk Level:\nHigh\n\nAffected versions:\nOracle Database Server version 10gR1\n\nRemote exploitable:\nYes (Authentication to Database Server is needed)\n\nCredits:\nThis vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. \n\nDetails:\nOracle Database provides the \"LT\" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in the ROLLBACKWORKSPACE procedure. Depending on which Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, which is SYS or WMSYS depending on the system configuration. \n\nImpact:\nBy default, EXECUTE permission on [WM]SYS.LT is granted to PUBLIC, so any Oracle Database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS or WMSYS privileges. \n\nVendor Status:\nVendor was contacted and a patch was released. \n\nWorkaround:\nRestrict access to the [WM]SYS.LT package. 
\n\nCVE:\nCVE-2009-0978\n\nLinks:\nApplication Security, Inc advisory: http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nTimeline:\nVendor Notification - 8/22/2007\nFix - 4/14/2009\nPublic Disclosure - 5/04/2009\n\nApplication Security, Inc\u0027s database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. 
\n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. 
\n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". 
\n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0978" }, { "db": "JVNDB", "id": "JVNDB-2009-001228" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77385" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0978", "trust": 2.8 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "OSVDB", "id": "53734", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001228", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-297", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "77385", "trust": 0.1 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001228" }, { "db": "PACKETSTORM", "id": "77385" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0978" }, { "db": "CNNVD", "id": 
"CNNVD-200904-297" } ] }, "id": "VAR-200904-0264", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:06:07.645000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001228" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0978" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53734" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { 
"trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0978" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0978" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0978" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": 
"http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001228" }, { "db": "PACKETSTORM", "id": "77385" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0978" }, { "db": "CNNVD", "id": "CNNVD-200904-297" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001228" }, { "db": "PACKETSTORM", "id": "77385" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0978" }, { "db": "CNNVD", "id": "CNNVD-200904-297" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001228" }, { "date": "2009-05-10T13:14:44", "db": "PACKETSTORM", "id": "77385" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.420000", "db": "NVD", "id": "CVE-2009-0978" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-297" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, 
"data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001228" }, { "date": "2016-11-22T16:16:49.307000", "db": "NVD", "id": "CVE-2009-0978" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-297" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-297" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Workspace Manager Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001228" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-297" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1782">var-202003-1782</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
The service may be put into a denial-of-service (DoS) state. FasterXML Jackson is a data-processing library for Java developed by the American company FasterXML. jackson-databind is its data-binding component. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability to execute arbitrary code with a specially crafted request; as with other jackson-databind gadget issues, this generally requires polymorphic type handling to be enabled for untrusted JSON and the anteros-core class to be on the classpath. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update Advisory ID: RHSA-2020:2511-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2511 Issue date: 2020-06-10 CVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 CVE-2020-10719 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 
</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. </p> <p>Security Fix(es):</p> <ul> <li> <p>cxf: reflected XSS in the services listing page (CVE-2019-17573)</p> </li> <li> <p>cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)</p> </li> <li> <p>jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)</p> </li> <li> <p>cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)</p> </li> <li> <p>smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current thread's context class loader (CVE-2020-1729)</p> </li> <li> <p>resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)</p> </li> <li> <p>jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)</p> </li> <li> <p>undertow: invalid 
HTTP request with large chunk size (CVE-2020-10719)</p> </li> <li> <p>jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)</p> </li> <li> <p>jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)</p> </li> <li> <p>jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)</p> </li> <li> <p>undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)</p> </li> <li> <p>libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)</p> </li> <li> <p>jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, ensure all previously released errata relevant to your system have been applied. 
</p> <p>For details about how to apply this update, see:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization 
gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - <a href="7.3.z">GSS</a> Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - <a href="7.3.z">GSS</a> Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - <a href="7.3.z">GSS</a> Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - <a href="7.3.z">GSS</a> Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - <a href="7.3.z">GSS</a> Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - <a href="7.3.z">GSS</a> Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - <a href="7.3.z">GSS</a> Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - <a href="7.3.z">GSS</a> Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - <a href="7.3.z">GSS</a> Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - <a href="7.3.z">GSS</a> Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6 JBEAP-18409 - <a href="7.3.z">GSS</a> Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final 
JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - <a href="7.3.z">GSS</a> Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - <a href="7.3.z">GSS</a> Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - <a href="7.3.z">GSS</a> Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - <a href="7.3.z">GSS</a> 
Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - <a href="7.3.z">GSS</a> Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss EAP 7.3 for RHEL 6 Server:</p> <p>Source: eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.src.rpm eap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.src.rpm eap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.src.rpm eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.src.rpm eap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.src.rpm eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.src.rpm 
eap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.src.rpm eap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.src.rpm eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.src.rpm eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.src.rpm eap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.src.rpm eap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.src.rpm eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.src.rpm eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.src.rpm eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.src.rpm eap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.src.rpm eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.src.rpm eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.src.rpm eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.src.rpm eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.src.rpm eap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.src.rpm eap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.src.rpm eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.src.rpm eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.src.rpm eap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.src.rpm eap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.src.rpm eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.src.rpm eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.src.rpm 
eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.src.rpm eap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.src.rpm eap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.src.rpm</p> <p>noarch: eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm eap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm 
eap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm eap7-codemodel-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.noarch.rpm eap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm 
eap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm eap7-microprofile-config-api-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm eap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-core-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm 
eap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm eap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm 
eap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm eap7-rngom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.noarch.rpm eap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.noarch.rpm eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.noarch.rpm eap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.noarch.rpm eap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm eap7-txw2-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-web-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-policy-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm eap7-xsom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-14371 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1729 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/updates/classification/#important 
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8 XOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3 YaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR fhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q ol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA X1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W hBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe EfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO kCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p P6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI y2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN uvhlMQF+ipU=W6+1 -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
</p> <p>The JBoss server process must be restarted for the update to take effect</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1782" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202003-1782"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1782">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1782", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" 
}, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.6" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": 
"fasterxml", "version": "2.7.9.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications 
contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "ops center analyzer viewpoint", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.6", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.7", 
"versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9548" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 1.4 }, "cve": "CVE-2020-9548", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-002437", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-187673", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-9548", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", 
"attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-002437", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9548", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-002437", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202003-040", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-187673", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-9548", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. 
An attacker could exploit this vulnerability to execute arbitrary code with a specially crafted request. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update\nAdvisory ID: RHSA-2020:2511-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2511\nIssue date: 2020-06-10\nCVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210\n CVE-2019-10172 CVE-2019-12423 CVE-2019-14887\n CVE-2019-17573 CVE-2020-1695 CVE-2020-1729\n CVE-2020-1745 CVE-2020-1757 CVE-2020-6950\n CVE-2020-7226 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10688\n CVE-2020-10719\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,\nand includes bug fixes and enhancements. 
See the Red Hat JBoss Enterprise\nApplication Platform 7.3.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate\nthe clientId (CVE-2019-12423)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* undertow: servletPath in normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* smallrye-config: SmallRye: SecuritySupport class is incorrectly public\nand contains a static method to access the current threads context class\nloader (CVE-2020-1729)\n\n* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected\nXSS attack (CVE-2020-10688)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* libthrift: thrift: Endless loop when feed with specific input data\n(CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in 
legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con\nparameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* jsf-impl: mojarra: Path traversal in\nResourceManager.java:getLocalePrefix() via the loc parameter\n(CVE-2018-14371)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current 
threads context class loader\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final\nJBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001\nJBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001\nJBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012\nJBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core\nJBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core\nJBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final\nJBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001\nJBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3\nJBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10\nJBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20\nJBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010\nJBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002\nJBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 
5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001\nJBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3\nJBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16\nJBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http\nJBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6\nJBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001\nJBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final\nJBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001\nJBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0\nJBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002\nJBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001\nJBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001\nJBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final\nJBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001\nJBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001\nJBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001\nJBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001\nJBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006\nJBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2\nJBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002\nJBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0\nJBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2\nJBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3\nJBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3\nJBEAP-18879 - 
(7.3.z) Upgrade MicroProfile Config 1.4\nJBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final\nJBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001\nJBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002\nJBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1\nJBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004\nJBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001\nJBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001\nJBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001\nJBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001\nJBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001\nJBEAP-19192 - (7.3.z) Update the Japanese translations\nJBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001\nJBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001\nJBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final\n\n7. 
Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server:\n\nSource:\neap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.src.rpm\neap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.src.rpm\neap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.src.rpm\neap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.src.rpm\neap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.src.rpm\neap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.src.rpm\neap7-hal-console-3.2.8-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-core-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.src.rpm\neap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.src.rpm\neap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.src.rpm\neap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.src.rpm\neap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-weld-3.1-api-3.1.0-6
.SP2_redhat_00001.1.el6eap.src.rpm\neap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.src.rpm\neap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.src.rpm\neap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.src.rpm\neap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.src.rpm\neap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.src.rpm\neap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.src.rpm\neap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.src.rpm\neap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.src.rpm\neap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.src.rpm\neap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.src.rpm\neap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.src.rpm\neap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.src.rpm\neap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.src.rpm\neap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.src.rpm\neap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.src.rpm\neap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.src.rpm\neap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-dto-2.9.0-4.redhat
_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el6eap.noarch.rpm\neap7-apache-cxf-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-bouncycastle-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el6eap.noarch.rpm\neap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el6eap.noarch.rpm\neap7-codemodel-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-cryptacular-1.2.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el6eap.noarch.rpm\neap7-hal-console-3.2.8-1.Fi
nal_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-
core-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-databind-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jakarta-el-3.0.3-1.redhat_00002.1.el6eap.noarch.rpm\neap7-jandex-2.1.2-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jasypt-1.9.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration
-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-config-1.4.0-1.redhat_00003.1.el6eap.noarch.rpm\neap7-microprofile-config-api-1.4.0-1.redhat_000
03.1.el6eap.noarch.rpm\neap7-microprofile-health-2.2.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-opensaml-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-core-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el6eap.noarch.rpm\neap7-picketbox-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el6eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el6eap.noarch.rpm\neap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-resteasy-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el6
eap.noarch.rpm\neap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-rngom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el6eap.noarch.rpm\neap7-smallrye-config-1.6.2-3.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-health-2.2.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el6eap.noarch.rpm\neap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el6eap.noarch.rpm\neap7-snakeyaml-1.24.0-2.redhat_00001.1.el6eap.noarch.rpm\neap7-stax2-api-4.2.0-1.redhat_00001.1.el6eap.noarch.rpm\neap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el6eap.noarch.rpm\neap7-txw2-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-2.0.30-3.SP3_redhat_00001.1.el6eap.noarch.r
pm\neap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-weld-web-3.1.4-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el6eap.noarch.rpm\neap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-woodstox-core-6.0.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-policy-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el6eap.noarch.rpm\neap7-xsom-2.3.3-4.b02_redhat_00001.1.el6eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14371\nhttps://access.redhat.com/security/cve/CVE-2019-0205\nhttps://access.redhat.com/security/cve/CVE-2019-0210\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2019-12423\nhttps://access.redhat.com/security/cve/CVE-2019-14887\nhttps://access.redhat.com/security/cve/CVE-2019-17573\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1729\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-6950\nhttps://access.redhat.com/security/cve/CVE-2020-7226\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10688\nhttps://access.redhat.com/security/cve/CVE-2020-10719\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8\nXOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3\nYaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR\nfhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q\nol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA\nX1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W\nhBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe\nEfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO\nkCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p\nP6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI\ny2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN\nuvhlMQF+ipU=W6+1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 
\n\nThe JBoss server process must be restarted for the update to take effect", "sources": [ { "db": "NVD", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9548", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2020-002437", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202003-040", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158048", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158282", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.3558", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2287", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1440", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0828", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2050", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2042", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": 
"CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "46078", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-15509", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-187673", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-9548", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158037", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158047", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158038", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "id": "VAR-202003-1782", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-187673" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:48:40.941000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block two more gadget types (ibatis-sqlmap, anteros-core; CVE-2020-9547 / CVE-2020-9548) #2634", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2634" }, { "title": 
"hitachi-sec-2020-109", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-109/index.html" }, { "title": "hitachi-sec-2020-109", "trust": 0.8, "url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-109/index.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111241" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202813 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202515 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security 
update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202513 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202512 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202511 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in 
Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a" }, { "title": "", "trust": 0.1, "url": "https://github.com/fairyming/cve-2020-9548 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" }, { "trust": 1.7, "url": 
"https://github.com/fasterxml/jackson-databind/issues/2634" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9548" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.6, "url": "https://issues.jboss.org/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-9548-cve-2020-9546-cve-2020-9547-cve-2020-8840-cve-2019-20330/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2287/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/" }, 
{ "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3558/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2050/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0828/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2042/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-anteros-core-31738" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1440/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/46078" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.5, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10719" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7226" }, { "trust": 0.4, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.4, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1729" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7226" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2018-14371" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 
0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2512" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3637" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.1, 
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1694" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2813" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1694" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2511" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2513" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2515" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3638" } ], "sources": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-187673" }, { "db": "VULMON", "id": "CVE-2020-9548" }, { "db": "JVNDB", "id": 
"JVNDB-2020-002437" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158048" }, { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "158282" }, { "db": "PACKETSTORM", "id": "158037" }, { "db": "PACKETSTORM", "id": "158047" }, { "db": "PACKETSTORM", "id": "158038" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" }, { "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-02T00:00:00", "db": "VULHUB", "id": "VHN-187673" }, { "date": "2020-03-02T00:00:00", "db": "VULMON", "id": "CVE-2020-9548" }, { "date": "2020-03-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-06-11T16:36:20", "db": "PACKETSTORM", "id": "158048" }, { "date": "2020-09-07T16:38:23", "db": "PACKETSTORM", "id": "159081" }, { "date": "2020-07-02T15:43:25", "db": "PACKETSTORM", "id": "158282" }, { "date": "2020-06-11T16:34:17", "db": "PACKETSTORM", "id": "158037" }, { "date": "2020-06-11T16:36:11", "db": "PACKETSTORM", "id": "158047" }, { "date": "2020-06-11T16:34:25", "db": "PACKETSTORM", "id": "158038" }, { "date": "2020-09-07T16:39:28", "db": "PACKETSTORM", "id": "159082" }, { "date": "2020-03-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-040" }, { "date": "2020-03-02T04:15:11.077000", "db": "NVD", "id": "CVE-2020-9548" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-02T00:00:00", "db": "VULHUB", "id": "VHN-187673" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-9548" }, { "date": "2020-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-002437" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-040" }, { 
"date": "2023-11-07T03:26:58.833000", "db": "NVD", "id": "CVE-2020-9548" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159081" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Untrusted data deserialization vulnerability in FasterXML jackson-databind", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002437" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-040" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0268">var-200904-0268</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote authenticated users to affect integrity via unknown vectors. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. 
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0268" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-200904-0268"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0268">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0268", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jd edwards enterpriseone", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "8.49.19" }, { "model": "peoplesoft enterprise", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "*" }, { "model": "peoplesoft products", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "peoplesoft enterprise", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 
0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004528" }, { "db": "NVD", "id": "CVE-2009-0982" }, { "db": "CNNVD", "id": "CNNVD-200904-301" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, 
"cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.49.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0982" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-301" } ], "trust": 0.6 }, "cve": "CVE-2009-0982", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, 
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-0982", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0982", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-301", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004528" }, { "db": "NVD", "id": "CVE-2009-0982" }, { "db": "CNNVD", "id": "CNNVD-200904-301" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote authenticated users to affect integrity via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0982" }, { "db": "JVNDB", "id": "JVNDB-2009-004528" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0982", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECUNIA", "id": "34693", "trust": 1.8 }, { "db": "OSVDB", "id": "53759", "trust": 1.6 }, { "db": "SECTRACK", "id": "1022057", "trust": 1.6 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2009-004528", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-301", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004528" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0982" }, { "db": "CNNVD", "id": "CNNVD-200904-301" } ] }, "id": "VAR-200904-0268", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:16:57.704000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - April 2009", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004528" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0982" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://osvdb.org/53759" }, { "trust": 1.6, "url": "http://secunia.com/advisories/34693" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1022057" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0982" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0982" }, { "trust": 0.4, "url": 
"http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": 
"http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004528" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0982" }, { "db": "CNNVD", "id": "CNNVD-200904-301" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004528" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0982" }, { "db": "CNNVD", "id": "CNNVD-200904-301" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004528" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.500000", "db": "NVD", "id": "CVE-2009-0982" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-301" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004528" }, { "date": "2012-10-23T03:04:25.087000", "db": "NVD", "id": "CVE-2009-0982" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-301" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-301" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle PeopleSoft Enterprise Of products such as PeopleSoft Enterprise PeopleTools Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004528" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-301" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1776">var-202003-1776</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind contains a vulnerability in the deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. FasterXML jackson-databind 2.x versions before 2.9.10.4 contain a code issue vulnerability related to javax.swing.JEditorPane. 
A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat Satellite 6.8 for RHEL 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 
</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. </p> <p>Security Fix(es):</p> <ul> <li>mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)</li> <li>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</li> <li>rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)</li> <li>puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)</li> <li>jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)</li> <li>foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)</li> <li>Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)</li> <li>Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)</li> <li>rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)</li> <li>rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)</li> <li>rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)</li> <li>rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks (CVE-2020-5267)</li> <li>puppet: Arbitrary catalog retrieval (CVE-2020-7942)</li> <li>rubygem-rack: directory traversal in Rack::Directory 
(CVE-2020-8161)</li> <li>rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)</li> <li>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</li> <li>puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)</li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Additional Changes:</p> <ul> <li> <p>Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment. </p> </li> <li> <p>Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment</p> </li> <li> <p>Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution. </p> </li> <li> <p>Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet</p> </li> <li> <p>Support for HTTP UEFI provisioning</p> </li> <li> <p>Support for CAC card authentication with Keycloak integration</p> </li> <li> <p>Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling. </p> </li> <li> <p>Support for Red Hat Enterprise Linux Traces integration</p> </li> <li> <p>satellite-maintain & foreman-maintain are now self updating</p> </li> <li> <p>Notifications in the UI to warn users when subscriptions are expiring. </p> </li> </ul> <p>The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. 
</p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. </p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! 
NoMethodError: undefined method <code>first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 
1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined method</code>split' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #<Class:0x000000000b894c38>::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]' for nil:NilClass 1771367 - undefined method `request_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!" 
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method <code>[]' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Remove</code>use_puppet_default<code>api params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. 
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined method</code>map' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method <code>mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. 
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method</code>[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page <title> 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.<em>.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue. 
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method `tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error).
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method `implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method `default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in 
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes</p> <ol> <li>Solution:</li> </ol> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime</p> <p>6</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1776" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202003-1776"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1776">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": 
"https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1776", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore 
point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.11.6" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.9.7" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": 
"communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": 
"financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.11.6", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.9.7", "versionStartIncluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10969" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": 
"PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" } ], "trust": 1.3 }, "cve": "CVE-2020-10969", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003491", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163500", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-10969", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003491", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10969", "trust": 1.0, "value": "HIGH" }, { "author": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-10969", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003491", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202003-1627", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163500", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-10969", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "db": "NVD", "id": "CVE-2020-10969" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides the data-binding function. A code issue vulnerability related to javax.swing.JEditorPane exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. 
It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. 
\n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to 
the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in an IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 7) - noarch\n\n3. 
Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10969", "trust": 3.3 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003491", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1627", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157322", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1399", 
"trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48375", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-24034", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163500", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10969", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "id": "VAR-202003-1776", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163500" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:54:00.141000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (javax.swing, CVE-2020-10969) #2642", "trust": 0.8, "url": 
"https://github.com/fasterxml/jackson-databind/issues/2642" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115311" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security 
advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 
2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2642" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10969" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 
0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-jeditorpane-serialization-gadgets-typing-32062" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48375" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.4, 
"url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:1523" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, 
{ "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { "trust": 0.1, "url": "https://issues.jboss.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2333" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=eap-cd\u0026downloadtype=securitypatches\u0026version=19" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1732" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163500" }, { "db": "VULMON", "id": "CVE-2020-10969" }, { "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "db": "NVD", "id": "CVE-2020-10969" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-26T00:00:00", "db": "VULHUB", "id": "VHN-163500" }, { "date": "2020-03-26T00:00:00", "db": "VULMON", "id": "CVE-2020-10969" }, { "date": "2020-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-05-28T16:22:46", 
"db": "PACKETSTORM", "id": "157859" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-04-21T14:19:58", "db": "PACKETSTORM", "id": "157322" }, { "date": "2020-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "date": "2020-03-26T13:15:13.077000", "db": "NVD", "id": "CVE-2020-10969" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-07T00:00:00", "db": "VULHUB", "id": "VHN-163500" }, { "date": "2021-12-07T00:00:00", "db": "VULMON", "id": "CVE-2020-10969" }, { "date": "2020-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003491" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1627" }, { "date": "2024-07-03T01:36:09.833000", "db": "NVD", "id": "CVE-2020-10969" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "CNNVD", "id": "CNNVD-202003-1627" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003491" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1627" } ], "trust": 0.6 } }</pre> </div> </div> 
</div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202203-1400">var-202203-1400</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:</p> <p>Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. </p> <p>Security Fix(es):</p> <ul> <li> <p>chart.js: prototype pollution (CVE-2020-7746)</p> </li> <li> <p>moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)</p> </li> <li> <p>package immer before 9.0.6. 
A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)</p> </li> <li> <p>artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)</p> </li> <li> <p>Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)</p> </li> <li> <p>cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)</p> </li> <li> <p>jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)</p> </li> <li> <p>jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)</p> </li> <li> <p>jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)</p> </li> <li> <p>Moment.js: Path traversal in moment.locale (CVE-2022-24785)</p> </li> <li> <p>org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)</p> </li> <li> <p>org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)</p> </li> <li> <p>parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)</p> </li> <li> <p>xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)</p> </li> <li> <p>eventsource: Exposure of Sensitive Information (CVE-2022-1650)</p> </li> <li> <p>mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)</p> </li> <li> <p>node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)</p> </li> <li> <p>node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)</p> </li> <li> <p>node-forge: Signature verification leniency in checking <code>digestAlgorithm</code> structure can lead to signature forgery (CVE-2022-24771)</p> </li> </ul> <p>For more details about the security issue(s), 
including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:</p> <p>For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Red Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process. </p> <p>The References section of this erratum contains a download link. You must log in to download the update. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2066009 - CVE-2021-44906 minimist: prototype pollution 2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking <code>digestAlgorithm</code> structure can lead to signature forgery 2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2076133 - CVE-2022-1365 
cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2096966 - CVE-2020-7746 chart.js: prototype pollution 2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack</p> <ol> <li>Description:</li> </ol> <p>Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:</p> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection 2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Enterprise Linux AppStream (v. 
9) - noarch</p> <ol> <li>Description:</li> </ol> <p>Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats. </p> <p>Additional Changes:</p> <p>For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. Solution:</p> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Moderate: Red Hat Data Grid 8.3.1 security update Advisory ID: RHSA-2022:2232-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:2232 Issue date: 2022-05-12 CVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for Red Hat Data Grid is now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. 
</p> <p>Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3]. </p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: denial of service via a large depth of nested objects [jdg-8] (CVE-2020-36518)</p> </li> <li> <p>kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients [jdg-8] (CVE-2021-38153)</p> </li> <li> <p>xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [jdg-8] (CVE-2022-0084)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 8.3.1 Server patch from the customer portal[²]. </li> <li>Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. </li> <li>Install the Data Grid 8.3.1 Server patch. </li> <li>Restart Data Grid to ensure the changes take effect. 
</li> </ol> <p>For more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[³]</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-38153 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP WArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt c2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO lxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8 yVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6 /13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0 8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ YY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI dzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO XyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn Vt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy IZnZKy4mPpA= =6Kqs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. 
LOG-3252 - [release-5.4]Adding Valid Subscription Annotation</p> <p>6</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202203-1400" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202203-1400"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202203-1400">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1400", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "model": "financial services trade-based anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications cloud native core console", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.9.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.20.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.3.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.25.4" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "model": "financial services trade-based 
anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "global lifecycle management nextgen oui framework", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.5.0" }, { "model": "financial services behavior detection platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "big data spatial and graph", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "23.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, 
"vendor": "oracle", "version": "20.12.18" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.13.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.12.6.1" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12.1" }, { "model": "coherence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.2" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.5.0" }, { "model": "communications cloud native core service communication proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.2.0" }, { "model": "communications cloud native core binding support function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.3" }, { "model": "communications cloud native core security edge protection proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.1" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.13.2.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.1" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, 
{ "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "financial services behavior detection platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.1" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.30" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.3.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.14" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "financial services enterprise case management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera unifier", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "communications billing and revenue management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.6.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.19.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.0.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "21.12.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0.5.2" }, { "model": "spatial studio", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "20.1.0" }, { "model": "cloud insights acquisition unit", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "financial services enterprise case management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "graph server and client", "scope": "lt", "trust": 1.0, "vendor": "oracle", 
"version": "22.2.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0.0" }, { "model": "global lifecycle management nextgen oui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.13" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12.4.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36518" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.6.1", "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.13.2.1", "versionStartIncluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "23.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.0.6.0", "versionStartIncluding": "12.0.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndExcluding": "13.9.4.2.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.18", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.13", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.1", "versionStartIncluding": "21.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.14", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.2.1", "versionStartIncluding": "8.1.1.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.25.4", "versionStartIncluding": "18.8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.19.0", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0.0", "versionStartIncluding": "8.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12.4.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.20.4", "versionStartIncluding": "17.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.30", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36518" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" } ], "trust": 0.9 }, "cve": "CVE-2020-36518", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-415522", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36518", "trust": 1.0, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-415522", "trust": 0.1, "value": "MEDIUM" } ] } ], 
"sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. [Note: the configurations data in this record marks jackson-databind before 2.12.6.1, and 2.13.0 up to but not including 2.13.2.1, as vulnerable, so per that data 2.13.0 itself is not a fixed version.] \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. 
A type confusion vulnerability can lead to a\nbypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack\n(CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized\nActor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects\n(CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability\n(CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin\nClasses (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution\n(CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution\n(CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in\nGitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML\ndocument payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes\ncan lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm`\nstructure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
Solution:\n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nRed Hat recommends that you halt the server by stopping the JBoss\nApplication Server process before installing this update. After installing\nthe update, restart the server by starting the JBoss Application Server\nprocess. \n\nThe References section of this erratum contains a download link. You must\nlog in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads\n2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors\n2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes\n2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS\n2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2066009 - CVE-2021-44906 minimist: prototype pollution\n2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery\n2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive 
Information\n2096966 - CVE-2020-7746 chart.js: prototype pollution\n2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack\n\n5. Description:\n\nRed Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2039403 - CVE-2021-42392 h2: Remote Code Execution in Console\n2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown\n2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection\n2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - noarch\n\n3. Description:\n\nJackson is a suite of data-processing tools for Java, including the\nflagship streaming JSON parser / generator library, matching data-binding\nlibrary, and additional modules to process data encoded in various other\ndata formats. 
\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.3.1 security update\nAdvisory ID: RHSA-2022:2232-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2232\nIssue date: 2022-05-12\nCVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3]. 
\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects\n[jdg-8] (CVE-2020-36518)\n\n* kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka\nConnect and Clients [jdg-8] (CVE-2021-38153)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of\nstderr [jdg-8] (CVE-2022-0084)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.3.1 Server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.3.1 Server patch. \n4. Restart Data Grid to ensure the changes take effect. \n\nFor more information about Data Grid 8.3.1, refer to the 8.3.1 Release\nNotes[\u00b3]\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://access.redhat.com/security/cve/CVE-2021-38153\nhttps://access.redhat.com/security/cve/CVE-2022-0084\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=8.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP\nWArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt\nc2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO\nlxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8\nyVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6\n/13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0\n8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ\nYY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI\ndzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO\nXyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn\nVt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy\nIZnZKy4mPpA=\n=6Kqs\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. 
\nLOG-3252 - [release-5.4]Adding Valid Subscription Annotation\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2020-36518" }, { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" } ], "trust": 1.8 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-415522", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36518", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "169920", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169728", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168333", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169725", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167157", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169729", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168631", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168646", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170179", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170602", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167842", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167841", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": 
"169727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167579", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169926", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167422", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167423", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167523", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167424", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-415522", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168638", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "172220", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "id": "VAR-202203-1400", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-415522" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T22:05:19.247000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": 
"https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "trust": 1.1, "url": "https://www.debian.org/security/2022/dsa-5283" }, { "trust": 1.1, "url": "https://github.com/fasterxml/jackson-databind/issues/2816" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-36518" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.9, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-0084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0225" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2668" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0866" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-2668" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-43797" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0225" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0866" }, { "trust": 0.4, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-42392" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-38153" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22132" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28164" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40690" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2471" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20289" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3520" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-2471" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28163" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-20289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27223" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22137" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23437" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21724" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23436" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7746" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0722" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1650" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23437" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21363" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21724" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2256" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2256" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6782" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:2312" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7410" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7409" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7411" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid\u0026downloadtype=securitypatches\u0026version=8.3" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42004" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26710" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2022-32149" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1304" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30293" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26716" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22628" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26700" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-37434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35527" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { 
"db": "NVD", "id": "CVE-2020-36518" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-415522" }, { "db": "PACKETSTORM", "id": "168333" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "172220" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" }, { "db": "PACKETSTORM", "id": "167157" }, { "db": "PACKETSTORM", "id": "169920" }, { "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-11T00:00:00", "db": "VULHUB", "id": "VHN-415522" }, { "date": "2022-09-09T16:15:16", "db": "PACKETSTORM", "id": "168333" }, { "date": "2022-10-06T12:37:43", "db": "PACKETSTORM", "id": "168638" }, { "date": "2022-10-05T14:27:31", "db": "PACKETSTORM", "id": "168631" }, { "date": "2023-05-09T15:20:56", "db": "PACKETSTORM", "id": "172220" }, { "date": "2022-11-04T13:44:06", "db": "PACKETSTORM", "id": "169729" }, { "date": "2022-11-04T13:43:56", "db": "PACKETSTORM", "id": "169728" }, { "date": "2022-11-04T13:43:17", "db": "PACKETSTORM", "id": "169725" }, { "date": "2022-05-12T16:34:47", "db": "PACKETSTORM", "id": "167157" }, { "date": "2022-11-17T13:23:05", "db": "PACKETSTORM", "id": "169920" }, { "date": "2022-03-11T07:15:07.800000", "db": "NVD", "id": "CVE-2020-36518" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-29T00:00:00", "db": "VULHUB", "id": "VHN-415522" }, { "date": "2022-11-29T22:12:38.183000", "db": "NVD", "id": "CVE-2020-36518" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2022-6407-01", "sources": [ { "db": "PACKETSTORM", "id": "168333" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution, xss", "sources": [ { "db": "PACKETSTORM", "id": "168631" }, { "db": "PACKETSTORM", "id": "169729" }, { "db": "PACKETSTORM", "id": "169728" }, { "db": "PACKETSTORM", "id": "169725" } ], "trust": 0.4 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202112-1782">var-202112-1782</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability.The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. By using Log4j, the destination of log information transmission can be controlled to be console, file, GUI component, even socket server, NT event recorder, etc. 
Apache Log4j2 has a denial of service vulnerability. The vulnerability arises when Apache Log4j2 is configured with a non-default Pattern Layout that uses a Context Lookup (for example: $${ctx:loginId}); an attacker can then supply crafted data and, without authorization, cause a denial of service on the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Moderate: Red Hat Data Grid 8.2.3 security update Advisory ID: RHSA-2022:0205-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0205 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for Red Hat Data Grid is now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. </p> <p>Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)</p> </li> <li> <p>log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)</p> </li> <li> <p>log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 8.2.3 server patch from the customer portal[²]. </li> <li>Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. </li> <li>Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[³] for patching instructions. </li> <li> <p>Restart Data Grid to ensure the changes take effect. 
</p> </li> <li> <p>Bugs fixed (https://bugzilla.redhat.com/):</p> </li> </ol> <p>2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=data.grid&version=8.2 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL bJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI QBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa 5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk N+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9 /WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9 B/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6 EblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y iy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD FX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K LpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd QiLGYFSmmLk= =y5SE -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:</p> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Solution:</p> <p>Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. 
</p> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22899 - Tracker bug for the EAP 7.4.4 release for RHEL-7 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 
11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002</p> <ol> <li> <p>Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> </li> <li> <p>Description:</p> </li> </ol> <p>Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:</p> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-1868 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index [openshift-logging-5.1] LOG-2022 - resourceVersion is overflowing type Integer causing ES rejection</p> <ol> <li>========================================================================= Ubuntu Security Notice USN-5222-1 January 11, 2022</li> </ol> <h1>apache-log4j2 vulnerabilities</h1> <p>A security issue affects these releases of Ubuntu and its derivatives:</p> <ul> <li>Ubuntu 21.10</li> <li>Ubuntu 21.04</li> <li>Ubuntu 20.04 LTS</li> <li>Ubuntu 18.04 LTS</li> </ul> <p>Summary:</p> <p>Several security issues were fixed in Apache Log4j 2. 
This issue only affected Ubuntu 18.04 LTS. (CVE-2021-45105)</p> <p>Update instructions:</p> <p>The problem can be corrected by updating your system to the following package versions:</p> <p>Ubuntu 21.10: liblog4j2-java 2.17.1-0.21.10.1</p> <p>Ubuntu 21.04: liblog4j2-java 2.17.1-0.21.04.1</p> <p>Ubuntu 20.04 LTS: liblog4j2-java 2.17.1-0.20.04.1</p> <p>Ubuntu 18.04 LTS: liblog4j2-java 2.12.4-0ubuntu0.1</p> <p>In general, a standard system update will make all the necessary changes. Solution:</p> <p>For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html</p> <p>4</p></p>
<div class="collapse" id="collapseJsonvar-202112-1782"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202112-1782">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": 
"https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1782", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4" }, { "model": "hyperion infrastructure technology", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.2.8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "payment interface", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "20.3" }, { "model": "sql developer", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.4.2" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.3.0" }, { "model": "web application firewall", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "3.0.0" }, { "model": "communications service broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "hospitality token proxy service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "retail integration bus", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "healthcare translational research", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.1.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.2" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications cloud native core security edge protection proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "health sciences inform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.1.1" }, { "model": "hyperion planning", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.2.8.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": 
"primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "6bk1602-0aa32-0tp0", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "2.7.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "health sciences inform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3.2.1" }, { "model": "6bk1602-0aa12-0tp0", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "2.7.0" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.5" }, { "model": "retail service backbone", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "insurance insbridge rating and underwriting", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.2.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.4.13" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "retail eftlink", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "retail eftlink", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"18.0.1" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.0" }, { "model": "financial services model management and governance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0.0.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0.0" }, { "model": "hyperion data relationship management", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.2.8.0" }, { "model": "financial services model management and governance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0.0" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.4" }, { "model": "business intelligence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.5.0.0.0" }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.1" }, { "model": "insurance insbridge rating and underwriting", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.6.0.0" }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications eagle ftp table base retrieval", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.5" }, { "model": "communications session route manager", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "communications eagle element management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.6" }, { "model": "communications messaging server", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "healthcare translational research", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.1.1" }, { "model": "insurance data gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.0.1" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "retail price management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.0" }, { "model": "email security", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "10.0.12" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.2.1" }, { "model": "flexcube universal banking", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "14.0.0" }, { "model": "network security manager", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "2.0" }, { "model": "financial services model management and governance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.13" }, { "model": "communications convergent charging controller", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1.0" }, { "model": "web application firewall", "scope": "lt", 
"trust": 1.0, "vendor": "sonicwall", "version": "3.1.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "flexcube universal banking", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2.0.0" }, { "model": "hospitality suite8", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.13.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail eftlink", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0" }, { "model": "banking enterprise default management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.12.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.0" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "retail price management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.12.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "agile plm mcad connector", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.6" }, { "model": "communications ip service activator", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "communications asap", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3" }, { "model": "communications cloud native core service communication proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "health sciences information manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.0.4" }, { "model": "retail integration bus", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0.1" }, { "model": "enterprise manager for peoplesoft", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.5.1.1" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.240" }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "health sciences inform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0.0.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.14" }, { "model": "communications user data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.3.1" }, { "model": "communications performance intelligence center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.3" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.12.0" }, { "model": "retail order management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.5" }, { "model": "webcenter sites", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"12.2.1.3.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "retail service backbone", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0.1" }, { "model": "retail eftlink", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0.1" }, { "model": "retail price management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12.0.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "banking payments", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "flexcube universal banking", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "6bk1602-0aa42-0tp0", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "2.7.0" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1.0.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4" }, { "model": "communications cloud native core console", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.9.0" }, { "model": "log4j", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.16.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.0.1" }, { "model": "retail eftlink", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": 
"20.12.0" }, { "model": "retail integration bus", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.0.0" }, { "model": "managed file transfer", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "utilities framework", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "identity management suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.5.0.0" }, { "model": "flexcube universal banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.83.3" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.12" }, { "model": "hyperion bi\\+", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.2.8.0" }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "identity manager connector", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.7" }, { "model": "retail price management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.4" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.46" }, { "model": "cloud manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.5" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.5" }, { "model": "insurance insbridge rating and underwriting", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "5.6.1.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.8" }, { "model": "communications element manager", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "communications cloud native core network function cloud native environment", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.10.0" }, { "model": "retail point-of-service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "hyperion tax provision", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.2.8.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.1.0" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.29" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "6bk1602-0aa22-0tp0", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "2.7.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.1.0" }, { "model": "banking enterprise default management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.18.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1.0.0" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": 
"retail data extractor for merchandising", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.2" }, { "model": "enterprise manager for peoplesoft", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.1.1" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.2.0.0" }, { "model": "retail invoice matching", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "healthcare foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.3.0.4" }, { "model": "healthcare foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.3.0.1" }, { "model": "managed file transfer", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "retail eftlink", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.2" }, { "model": "banking loans servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.12.0" }, { "model": "identity management suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "communications convergence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0.2.2.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail data extractor for merchandising", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.2" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "6bk1602-0aa52-0tp0", "scope": 
"lt", "trust": 1.0, "vendor": "sonicwall", "version": "2.7.0" }, { "model": "retail central office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "flexcube universal banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.13.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "hyperion profitability and cost management", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.2.8.0" }, { "model": "communications convergent charging controller", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.1.0.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.2" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "insurance insbridge rating and underwriting", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.4" }, { "model": "retail price management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.0" }, { "model": "banking trade 
finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.115" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0.6" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "e-business suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "payment interface", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "banking deposits and lines of credit servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.12.0" }, { "model": "retail invoice matching", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "retail integration bus", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0.1.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "health sciences information manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.0.1" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.2" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": "flexcube universal banking", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.4" }, { "model": "retail financial integration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail 
order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "communications network integrity", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.6" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.3.0.0" }, { "model": "communications convergence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0.3.0" }, { "model": "utilities framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "model": "healthcare data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "network security manager", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "3.0" }, { "model": "communications session report manager", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "taleo platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "22.1" }, { "model": "management cloud engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "retail financial integration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0.1" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "banking party management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.1.0.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.8.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "hospitality 
suite8", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.14.0" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.12.3" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.3" }, { "model": "log4j", "scope": null, "trust": 0.7, "vendor": "apache", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1541" }, { "db": "NVD", "id": "CVE-2021-45105" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.3", "versionStartIncluding": "2.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.16.0", "versionStartIncluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "versionStartIncluding": "2.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "versionStartIncluding": "2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.0", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true 
} ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.3.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": 
"20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.3.0.6.0", "versionStartIncluding": "4.3.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.1", "versionStartIncluding": "8.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", 
"cpe_name": [], "versionEndIncluding": "21.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0.1.0", "versionStartIncluding": "19.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.4.0.0", "versionStartIncluding": "12.0.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.4.0.0", "versionStartIncluding": "12.0.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.0.3", "versionStartIncluding": "16.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.0.3", "versionStartIncluding": "16.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.0.4", "versionStartIncluding": "7.3.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.0.4", "versionStartIncluding": "3.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.29", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.0.0", "versionStartIncluding": "5.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": 
"11.2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.2.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.0.3", "versionStartIncluding": "16.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "22.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-45105" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Guy Lederfein of Trend Micro Security Research", "sources": [ { "db": "ZDI", "id": "ZDI-21-1541" } ], "trust": 0.7 }, "cve": "CVE-2021-45105", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 
1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-408743", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-45105", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-45105", "trust": 1.0, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2021-45105", "trust": 0.7, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-408743", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1541" }, { "db": "VULHUB", "id": "VHN-408743" }, { "db": "NVD", "id": "CVE-2021-45105" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j2 versions 
2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. With Log4j, log output can be directed to a console, a file, a GUI component, or even a socket server, an NT event recorder, etc. Apache Log4j2 has a denial of service vulnerability. The vulnerability arises when Apache Log4j2 is configured with a non-default Pattern Layout that uses a Context Lookup (for example: $${ctx:loginId}); attackers can use it to construct malicious data and carry out a denial-of-service attack without authorization, eventually causing a denial of service on the server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.2.3 security update\nAdvisory ID: RHSA-2022:0205-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0205\nIssue date: 2022-01-20\nCVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. 
\n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. \n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and\ncontext lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data\ncontains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release\nNotes[\u00b3] for patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)\n2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=data.grid\u0026version=8.2\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL\nbJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI\nQBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa\n5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk\nN+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9\n/WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9\nB/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6\nEblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y\niy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD\nFX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K\nLpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd\nQiLGYFSmmLk=\n=y5SE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22899 - Tracker bug for the EAP 7.4.4 release for RHEL-7\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from 
org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. Description:\n\nRed Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1868 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index [openshift-logging-5.1]\nLOG-2022 - resourceVersion is overflowing type Integer causing ES rejection\n\n6. =========================================================================\nUbuntu Security Notice USN-5222-1\nJanuary 11, 2022\n\napache-log4j2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Apache Log4j 2. This issue only affected Ubuntu 18.04 LTS. 
\n(CVE-2021-45105)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n liblog4j2-java 2.17.1-0.21.10.1\n\nUbuntu 21.04:\n liblog4j2-java 2.17.1-0.21.04.1\n\nUbuntu 20.04 LTS:\n liblog4j2-java 2.17.1-0.20.04.1\n\nUbuntu 18.04 LTS:\n liblog4j2-java 2.12.4-0ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html\n\n4", "sources": [ { "db": "NVD", "id": "CVE-2021-45105" }, { "db": "ZDI", "id": "ZDI-21-1541" }, { "db": "VULHUB", "id": "VHN-408743" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "166797" }, { "db": "PACKETSTORM", "id": "166793" }, { "db": "PACKETSTORM", "id": "165499" }, { "db": "PACKETSTORM", "id": "165494" }, { "db": "PACKETSTORM", "id": "165516" }, { "db": "PACKETSTORM", "id": "165552" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-45105", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-1541", "trust": 1.8 }, { "db": "CERT/CC", "id": "VU#930724", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-501673", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-479842", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/19/1", "trust": 1.1 }, { "db": "ZDI_CAN", "id": 
"ZDI-CAN-16160", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165516", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165499", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165552", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165494", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165645", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165637", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165503", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165373", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165649", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165497", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165636", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165650", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165648", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165632", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2021-101661", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-408743", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166677", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166797", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166793", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1541" }, { "db": "VULHUB", "id": "VHN-408743" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "166797" }, { "db": "PACKETSTORM", "id": "166793" }, { "db": "PACKETSTORM", "id": "165499" }, { "db": "PACKETSTORM", "id": "165494" }, { "db": "PACKETSTORM", "id": "165516" }, { "db": "PACKETSTORM", "id": "165552" }, { "db": "NVD", "id": "CVE-2021-45105" } ] }, "id": "VAR-202112-1782", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-408743" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:15:54.690000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://logging.apache.org/log4j/2.x/security.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1541" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "CWE-674", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-408743" }, { "db": "NVD", "id": "CVE-2021-45105" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "trust": 1.1, "url": "https://www.kb.cert.org/vuls/id/930724" }, { "trust": 1.1, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" }, { "trust": 1.1, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20211218-0001/" }, { "trust": 1.1, "url": "https://www.debian.org/security/2021/dsa-5024" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1541/" 
}, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105" }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-45105" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-45046" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-44832" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20321" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42574" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20321" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=data.grid\u0026version=8.2" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2022:0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1296" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23302" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1463" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1462" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36327" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36327" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0044" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0042" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": 
"https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.20.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.21.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.12.4-0ubuntu0.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5222-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.21.10.1" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2022:0025" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39241" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0026" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39241" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40346" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1541" }, { "db": "VULHUB", "id": "VHN-408743" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "166797" }, { "db": "PACKETSTORM", "id": "166793" }, { "db": "PACKETSTORM", "id": "165499" }, { "db": "PACKETSTORM", "id": "165494" }, { "db": "PACKETSTORM", "id": "165516" }, { "db": "PACKETSTORM", "id": "165552" }, { "db": "NVD", "id": "CVE-2021-45105" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-21-1541" }, { "db": "VULHUB", "id": "VHN-408743" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": 
"166677" }, { "db": "PACKETSTORM", "id": "166797" }, { "db": "PACKETSTORM", "id": "166793" }, { "db": "PACKETSTORM", "id": "165499" }, { "db": "PACKETSTORM", "id": "165494" }, { "db": "PACKETSTORM", "id": "165516" }, { "db": "PACKETSTORM", "id": "165552" }, { "db": "NVD", "id": "CVE-2021-45105" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-19T00:00:00", "db": "ZDI", "id": "ZDI-21-1541" }, { "date": "2021-12-18T00:00:00", "db": "VULHUB", "id": "VHN-408743" }, { "date": "2022-01-20T18:11:03", "db": "PACKETSTORM", "id": "165645" }, { "date": "2022-04-11T17:15:55", "db": "PACKETSTORM", "id": "166677" }, { "date": "2022-04-21T15:08:51", "db": "PACKETSTORM", "id": "166797" }, { "date": "2022-04-21T15:08:12", "db": "PACKETSTORM", "id": "166793" }, { "date": "2022-01-10T17:56:39", "db": "PACKETSTORM", "id": "165499" }, { "date": "2022-01-10T17:52:32", "db": "PACKETSTORM", "id": "165494" }, { "date": "2022-01-12T15:36:56", "db": "PACKETSTORM", "id": "165516" }, { "date": "2022-01-13T16:32:51", "db": "PACKETSTORM", "id": "165552" }, { "date": "2021-12-18T12:15:07.433000", "db": "NVD", "id": "CVE-2021-45105" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-19T00:00:00", "db": "ZDI", "id": "ZDI-21-1541" }, { "date": "2022-10-06T00:00:00", "db": "VULHUB", "id": "VHN-408743" }, { "date": "2022-10-06T17:31:39.640000", "db": "NVD", "id": "CVE-2021-45105" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "165516" } ], "trust": 0.2 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-1541" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "165516" } ], "trust": 0.2 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0276">var-200904-0276</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. 
</p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0276" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0276"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0276">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0276", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 9i", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2.0.8" }, { "model": "database 9i", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2.0.8dv" }, { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.8" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.8dv" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit 
r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001231" }, { "db": "NVD", "id": "CVE-2009-0991" }, { "db": "CNNVD", "id": "CNNVD-200904-309" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0991" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-309" } ], "trust": 0.6 }, "cve": "CVE-2009-0991", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-0991", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0991", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-309", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001231" }, { "db": "NVD", "id": "CVE-2009-0991" }, { "db": "CNNVD", "id": "CNNVD-200904-309" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. 
If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. 
\n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. 
\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0991" }, { "db": "JVNDB", "id": "JVNDB-2009-001231" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0991", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "OSVDB", "id": "53737", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001231", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "XF", "id": "50026", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-309", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001231" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0991" }, { "db": "CNNVD", "id": "CNNVD-200904-309" } ] }, "id": "VAR-200904-0276", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:57:19.098000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001231" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0991" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53737" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": 
"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50026" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0991" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0991" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/50026" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": 
"http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001231" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0991" }, { "db": "CNNVD", "id": "CNNVD-200904-309" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001231" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0991" }, { "db": "CNNVD", "id": "CNNVD-200904-309" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001231" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.640000", "db": "NVD", "id": "CVE-2009-0991" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-309" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001231" }, { 
"date": "2017-08-17T01:30:08.677000", "db": "NVD", "id": "CVE-2009-0991" }, { "date": "2009-04-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-309" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-309" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Listener Vulnerabilities in components", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001231" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-309" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0434">var-200904-0434</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. (This SOLUTION excerpt appears to come from a separate advisory on Good Messaging Server that was merged into this entry; for the Oracle products, see "III. Solution" below.) The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. 
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third-party patches, only to use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0434" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-200904-0434"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0434">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0434", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jd edwards enterpriseone", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "8.49.19" }, { "model": "peoplesoft enterprise", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "*" }, { "model": "peoplesoft products", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "peoplesoft enterprise", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 
0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004537" }, { "db": "NVD", "id": "CVE-2009-1014" }, { "db": "CNNVD", "id": "CNNVD-200904-331" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, 
"cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.49.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1014" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-331" } ], "trust": 0.6 }, "cve": "CVE-2009-1014", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-1014", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1014", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-331", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004537" }, { "db": "NVD", "id": "CVE-2009-1014" }, { "db": "CNNVD", "id": "CNNVD-200904-331" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1014" }, { "db": "JVNDB", "id": "JVNDB-2009-004537" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1014", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECUNIA", "id": "34693", "trust": 1.8 }, { "db": "OSVDB", "id": "53757", "trust": 1.6 }, { "db": "SECTRACK", "id": "1022057", "trust": 1.6 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2009-004537", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-331", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004537" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1014" }, { "db": "CNNVD", "id": "CNNVD-200904-331" } ] }, "id": "VAR-200904-0434", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:54:37.910000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - April 2009", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004537" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1014" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://osvdb.org/53757" }, { "trust": 1.6, "url": "http://secunia.com/advisories/34693" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1022057" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1014" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1014" }, { "trust": 0.4, "url": 
"http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": 
"http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004537" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1014" }, { "db": "CNNVD", "id": "CNNVD-200904-331" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004537" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1014" }, { "db": "CNNVD", "id": "CNNVD-200904-331" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004537" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:01.063000", "db": "NVD", "id": "CVE-2009-1014" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-331" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004537" }, { "date": "2016-11-23T19:40:14.010000", "db": "NVD", "id": "CVE-2009-1014" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-331" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-331" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle PeopleSoft Enterprise Of products such as PeopleSoft Enterprise PeopleTools Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004537" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-331" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0277">var-200904-0277</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. SQL Injection in package DBMS_AQIN</p> <p>Name SQL Injection in package DBMS_AQIN [CVE-2009-0992] Systems Affected Oracle 10.1.0.5 - 11.1.0.7 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust (ak at red-database-security.com) CVE CVE-2009-0992 Advisory 14 April 2009 (V 1.00)</p> <p>Details The package DBMS_AQIN contains a SQL injection vulnerability. 
</p> <p>PROCEDURE DEQ_EXEJOB( LOOPVAR OUT BOOLEAN)</p> <p>[...]</p> <p>BEGIN</p> <p>SYS.DBMS_AQIN.AQ$_DEQUEUE_IN( QUEUE_NAME => 'SYS.AQ_SRVNTF_TABLE_Q', WAIT => DBMS_AQ.NO_WAIT, ENQUEUE_TIME => ENQUEUE_TIME, STATE => STATE, OUT_MSGID => OUT_MSGID, OUT_CORRELATION => OUT_CORRELATION, PRIORITY => PRIORITY, DELAY => DELAY, EXPIRATION => EXPIRATION, ATTEMPTS => ATTEMPTS, EXCEPTION_QUEUE => EXCEPTION_QUEUE, REMOTE_RECIPIENTS => REMOTE_RECIPIENT, SENDER_NAME => SENDER_NAME, SENDER_ADDR => SENDER_ADDR, SENDER_PROTOCOL => SENDER_PROTOCOL, ORIGINAL_MSGID => ORIGINAL_MSGID, RAW_USER_DATA => RAW_USER_DATA, OBJECT_USER_DATA => PAYL, OUT_SIGN => OUT_SIGN);</p> <p>[...]</p> <p>PROCSTR := 'begin ' || PAYL.SUB_CALLBACK || '(context => :1,'; PROCSTR := PROCSTR ||'reginfo => sys.aq$_reg_info(:2, :3, :4, :5, :6, :7),'; PROCSTR := PROCSTR ||'descr => sys.aq$_descriptor(:8, :9, :10, sys.msg_prop_t'; PROCSTR := PROCSTR ||'(:11, :12, :13, :14, :15, :16, :17, :18, sys.aq$_agent'; PROCSTR := PROCSTR || '(:19, :20, :21), :22, :23),'; PROCSTR := PROCSTR || ' sys.aq$_ntfn_descriptor(:24))';</p> <p>Note: in this excerpt every value except the callback name is passed through a bind placeholder (:1 to :24). PAYL.SUB_CALLBACK, which appears to be populated from the dequeued message (OBJECT_USER_DATA => PAYL), is concatenated directly into the dynamic PL/SQL block, so its content is parsed as code rather than data. An identifier that cannot be bound has to be validated before it is concatenated.</p> <p>Patch Information Apply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. 
Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0277" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0277"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0277">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0277", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi 
publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server 
sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" 
}, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001222" }, { "db": "NVD", "id": "CVE-2009-0992" }, { "db": "CNNVD", 
"id": "CNNVD-200904-310" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0992" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-310" } ], "trust": 0.6 }, "cve": "CVE-2009-0992", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": 
"PARTIAL", "exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0992", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0992", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-310", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001222" }, { "db": "NVD", "id": "CVE-2009-0992" }, { "db": "CNNVD", "id": "CNNVD-200904-310" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. SQL Injection in package DBMS_AQIN\n\nName \t SQL Injection in package DBMS_AQIN [CVE-2009-0992]\nSystems Affected Oracle 10.1.0.5 - 11.1.0.7\nSeverity High Risk\nCategory SQL Injection\nVendor URL http://www.oracle.com/\nAuthor Alexander Kornbrust (ak at red-database-security.com)\nCVE CVE-2009-0992\nAdvisory 14 April 2009 (V 1.00)\n\n\nDetails\nThe package DBMS_AQIN contains a SQL injection vulnerability. 
\n\nPROCEDURE DEQ_EXEJOB( LOOPVAR OUT BOOLEAN)\n\n\n[...]\n\nBEGIN\n\nSYS.DBMS_AQIN.AQ$_DEQUEUE_IN(\nQUEUE_NAME =\u003e \u0027SYS.AQ_SRVNTF_TABLE_Q\u0027,\nWAIT =\u003e DBMS_AQ.NO_WAIT,\nENQUEUE_TIME =\u003e ENQUEUE_TIME,\nSTATE =\u003e STATE,\nOUT_MSGID =\u003e OUT_MSGID,\nOUT_CORRELATION =\u003e OUT_CORRELATION,\nPRIORITY =\u003e PRIORITY,\nDELAY =\u003e DELAY,\nEXPIRATION =\u003e EXPIRATION,\nATTEMPTS =\u003e ATTEMPTS,\nEXCEPTION_QUEUE =\u003e EXCEPTION_QUEUE,\nREMOTE_RECIPIENTS =\u003e REMOTE_RECIPIENT,\nSENDER_NAME =\u003e SENDER_NAME,\nSENDER_ADDR =\u003e SENDER_ADDR,\nSENDER_PROTOCOL =\u003e SENDER_PROTOCOL,\nORIGINAL_MSGID =\u003e ORIGINAL_MSGID,\nRAW_USER_DATA =\u003e RAW_USER_DATA,\nOBJECT_USER_DATA =\u003e PAYL,\nOUT_SIGN =\u003e OUT_SIGN);\n\n[...]\n\nPROCSTR := \u0027begin \u0027 || PAYL.SUB_CALLBACK || \u0027(context =\u003e :1,\u0027;\nPROCSTR := PROCSTR ||\u0027reginfo =\u003e sys.aq$_reg_info(:2, :3, :4, :5, :6, :7),\u0027;\nPROCSTR := PROCSTR ||\u0027descr =\u003e sys.aq$_descriptor(:8, :9, :10, sys.msg_prop_t\u0027;\nPROCSTR := PROCSTR ||\u0027(:11, :12, :13, :14, :15, :16, :17, :18, sys.aq$_agent\u0027;\nPROCSTR := PROCSTR || \u0027(:19, :20, :21), :22, :23),\u0027;\nPROCSTR := PROCSTR || \u0027 sys.aq$_ntfn_descriptor(:24))\u0027;\n\n\nPatch Information\nApply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. 
Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0992" }, { "db": "JVNDB", "id": "JVNDB-2009-001222" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76729" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0992", "trust": 2.8 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001222", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20090416 SQL INJECTION IN PACKAGE DBMS_AQIN", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-310", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76729", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001222" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76729" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": 
"CVE-2009-0992" }, { "db": "CNNVD", "id": "CNNVD-200904-310" } ] }, "id": "VAR-200904-0277", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:28:52.973000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001222" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0992" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 2.0, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 1.3, 
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/502723/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0992" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0992" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/502723/100/0/threaded" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { 
"trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0992" }, { "trust": 0.1, "url": "http://www.oracle.com/" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": 
"http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001222" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76729" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0992" }, { "db": "CNNVD", "id": "CNNVD-200904-310" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001222" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76729" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0992" }, { "db": "CNNVD", "id": "CNNVD-200904-310" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001222" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-16T21:51:10", "db": "PACKETSTORM", "id": "76729" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.657000", "db": "NVD", "id": "CVE-2009-0992" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-310" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001222" }, { "date": "2018-10-10T19:32:42.037000", "db": "NVD", "id": "CVE-2009-0992" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-310" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-310" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Advanced Queuing Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001222" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-310" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0415">var-200904-0415</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-1017. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. 
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0415" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a>
<div class="collapse" id="collapseJsonvar-200904-0415"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0415">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0415", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "5.6.2" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, 
"vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", 
"scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "db": "NVD", "id": "CVE-2009-0994" }, { "db": "CNNVD", "id": "CNNVD-200904-312" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:5.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0994" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-312" } ], "trust": 0.6 }, "cve": "CVE-2009-0994", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0994", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0994", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-312", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "db": "NVD", "id": "CVE-2009-0994" }, { "db": "CNNVD", "id": "CNNVD-200904-312" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-1017. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0994" }, { "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0994", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "OSVDB", "id": "53744", "trust": 2.4 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001244", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200904-312", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0994" }, { "db": "CNNVD", "id": "CNNVD-200904-312" } ] }, "id": "VAR-200904-0415", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:31:13.265000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" }, { "title": "Oracle Application Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158169" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "db": "CNNVD", "id": "CNNVD-200904-312" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0994" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53744" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 
1.6, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0994" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0994" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.7, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": 
"http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0994" }, { "db": "CNNVD", "id": "CNNVD-200904-312" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0994" }, { "db": "CNNVD", "id": "CNNVD-200904-312" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.703000", "db": "NVD", "id": "CVE-2009-0994" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-312" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001244" }, { "date": "2021-07-28T18:47:05.187000", "db": "NVD", "id": "CVE-2009-0994" }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", 
"id": "CNNVD-200904-312" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-312" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of BI Publisher Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001244" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-312" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0429">var-200904-0429</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. 
Oracle Outside In is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. An attacker can exploit these issues by tricking a victim into opening a specially crafted file with an application using the affected library. Successful exploits will allow arbitrary code to run in the context of the user running the affected application. NOTE: These issues were previously covered in BID 34461 (Oracle April 2009 Critical Patch Update Multiple Vulnerabilities), but have been given their own record to better document them. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See vendor's advisory for additional details. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>iDefense Security Advisory 05.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ May 14, 2009</p> <p>I. BACKGROUND</p> <p>Oracle Corp.'s Outside In Technology is a document conversion engine supporting a large number of binary file formats. Prior to Oracle's acquisition, the software was maintained by Stellent Inc. The software appears to have originated from "QuickView" for Windows 98, but later spun off. It is used by various software packages, one of which is Motorola Inc.'s Good Mobile Messaging Server. For more information, visit the vendors' sites at the URLs provided below. </p> <p>http://www.oracle.com/technology/products/content-management/oit/oit_all.html</p> <p>http://www.good.com/corp/index.php</p> <p>II. 
DESCRIPTION</p> <p>Remote exploitation of multiple buffer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allow attackers to execute arbitrary code. </p> <p>Two vulnerabilities exist due to a lack of bounds checking when processing specially crafted Microsoft Excel spreadsheet files. The two issues exist in two distinct functions. The two vulnerabilities are nearly identical, with the differentiating factor being the value of a flag bit within a record of the file. If the bit is set, the code path to the first vulnerable function is taken. Otherwise, the code path to the second vulnerable function is taken. </p> <p>The cause of the vulnerability is the same in each case. An array of structures, stored on the stack, is manipulated in a loop without validating the bounds of the array. By crafting a file containing a properly malformed record, it is possible to write outside the bounds of this array. The resulting stack corruption can lead to arbitrary code execution. </p> <p>III. ANALYSIS</p> <p>Exploitation of these vulnerabilities allows attackers to execute arbitrary code. In order to exploit these vulnerabilities, the attacker must somehow supply a malformed document to an application that will process the document with Outside In Technology. Likewise, the privileges gained will also depend on the software using the library. </p> <p>In the case of Good Mobile Messaging Server, an attacker can send an electronic mail message with an Excel spreadsheet attachment to a user. When the user chooses to view the spreadsheet, the vulnerable condition will be triggered. Upon successful exploitation, the attacker will gain the privileges of the "GoodAdmin" user. This is a special user account which, in some configurations, may be a member of the "Administrator" group. 
Regardless of the user's "Administrator" status, the user will always have full privileges to "Read" and "Send As" all users on the Microsoft Exchange server. This could allow an attacker to conduct further social engineering attacks. </p> <p>Other software packages using Outside In were not investigated. </p> <p>IV. DETECTION</p> <p>iDefense confirmed the existence of these vulnerabilities using the following versions of Outside In on Windows Server 2003 SP2. </p> <p>8.1.5.4282 8.1.9.4417 8.2.2.4866 8.3.0.5129</p> <p>Additionally, the following versions of Good Mobile Messaging Server for Exchange ship with vulnerable versions of vsxl5.dll. </p> <p>4.9.3.41 5.0.4.28 6.0.0.106</p> <p>All versions of Outside In, including versions for operating systems other than Windows, are assumed to be vulnerable. Additionally, all software that includes or uses Outside In is assumed to be vulnerable. Earlier versions, including those branded with other names, are vulnerable as well. </p> <p>V. WORKAROUND</p> <p>In order to prevent exploitation of this vulnerability, iDefense recommends using file system access control lists (ACLs) to prevent reading the affected module. </p> <p>For Good Mobile Messaging Server, Good Software recommends deleting the GdFileConv.exe file and restarting the Messaging Server. </p> <p>VI. VENDOR RESPONSE</p> <p>Oracle has released a patch which addresses this issue. For more information, consult their advisory at the following URL:</p> <p>http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>Good Technology has released a patch which addresses this issue. For more information, consult their advisory at the following URL:</p> <p>http://www.good.com/faq/18431.html</p> <p>VII. CVE INFORMATION</p> <p>The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-1009 to this issue. 
This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. </p> <p>VIII. DISCLOSURE TIMELINE</p> <p>01/30/2009 - GoodLink contact identified 01/30/2009 - Security contact research begins 02/05/2009 - Oracle contact identified 02/09/2009 - Initial Oracle Reply 02/09/2009 - Initial Vendor Notification 02/10/2009 - Initial GoodLink Reply 02/11/2009 - Oracle validation 02/16/2009 - GoodLink customer alert sent 02/16/2009 - GoodLink validation 02/19/2009 - Oracle requests PoC 02/19/2009 - PoC sent to Oracle 02/25/2009 - GoodLink status update 02/27/2009 - Oracle status update 03/06/2009 - GoodLink status update 04/14/2009 - Oracle patch released 05/13/2009 - CVE Correlation requested from Oracle 05/14/2009 - Coordinated Public Disclosure 05/14/2009 - GoodLink ready for disclosure coordinated with iDefense</p> <p>IX. CREDIT</p> <p>This vulnerability was discovered by Joshua J. Drake, iDefense Labs. </p> <p>Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php</p> <p>Free tools, research and upcoming events http://labs.idefense.com/</p> <p>X. LEGAL NOTICES</p> <p>Copyright © 2009 iDefense, Inc. </p> <p>Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. </p> <p>Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org</p> <p>iD8DBQFKDc+jbjs6HoxIfBkRAvY9AJ9WjWSDZK8tmiaAo5tLkrRZrDDscwCeJ8qk 0aG0K5EpST6rBQF7jgOIhC8= =94Xc -----END PGP SIGNATURE-----</p> <hr /> <p>Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . </p> <p>I. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. Upon entering the vulnerable function, data is copied from a heap buffer into a stack buffer without ensuring that the data will fit. </p> <p>It is interesting to note that this vulnerability was fixed some time between the release of version 8.1.5 and version 8.1.9. 
No public record exists documenting the existence of this vulnerability. </p> <p>iDefense confirmed that the following versions are not affected:</p> <p>8.1.9.4417 (shipped with GMMS 5.0.4.28 and GMMS 6.0.0.106) 8.2.2.4866 8.3.0.5129</p> <p>V. ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0429" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0429"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0429">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0429", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "8.1.9" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "6.1.5.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "6.0.1.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.1" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.0.0" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.5" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.0" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "8" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.5.3 cf27" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0.0.2 cf25" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, 
"vendor": "ibm", "version": "8.0.0.1 cf08" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "7" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.0.6 cf27" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "8.3" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "8.2.2" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { 
"model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g 
personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise 
hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": 
"e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3.0.5129" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2.4866" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.9.4417" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.5.4282" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "6.0.0.106" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "5.0.4.28" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "4.9.3.41" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001239" }, { "db": "NVD", 
"id": "CVE-2009-1009" }, { "db": "CNNVD", "id": "CNNVD-200904-326" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1009" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-326" } ], "trust": 0.6 }, "cve": "CVE-2009-1009", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, 
"severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-1009", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1009", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-326", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001239" }, { "db": "NVD", "id": "CVE-2009-1009" }, { "db": "CNNVD", "id": "CNNVD-200904-326" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Outside In Technology component in 
Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. Oracle Outside In is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. \nAn attacker can exploit these issues by tricking a victim into opening a specially crafted file with an application using the affected library. Successful exploits will allow arbitrary code to run in the context of the user running the affected application. \nNOTE: These issues were previously covered in BID 34461 (Oracle April 2009 Critical Patch Update Multiple Vulnerabilities), but have been given their own record to better document them. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\niDefense Security Advisory 05.14.09\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nMay 14, 2009\n\nI. BACKGROUND\n\nOracle Corp.\u0027s Outside In Technology is a document conversion engine\nsupporting a large number of binary file formats. 
Prior to Oracle\u0027s\nacquisition, the software was maintained by Stellent Inc. The software\nappears to have originated from \"QuickView\" for Windows 98, but later\nspun off. It is used by various software packages, one of which is\nMotorola Inc.\u0027s Good Mobile Messaging Server. For more information,\nvisit the vendors\u0027 sites at the URLs provided below. \n\nhttp://www.oracle.com/technology/products/content-management/oit/oit_all.html\n\nhttp://www.good.com/corp/index.php\n\nII. DESCRIPTION\n\nRemote exploitation of multiple buffer overflow vulnerabilities in\nOracle Corp.\u0027s Outside In Technology, as included in various vendors\u0027\nsoftware distributions, allow attackers to execute arbitrary code. \n\nTwo vulnerabilities exist due to a lack of bounds checking when\nprocessing specially crafted Microsoft Excel spreadsheet files. The two\nissues exist in two distinct functions. The two vulnerabilities are\nnearly identical, with the differentiating factor being the value of a\nflag bit within a record of the file. If the bit is set, the code path\nto the first vulnerable function is taken. Otherwise, the code path to\nthe second vulnerable function is taken. \n\nThe cause of the vulnerability is the same in each case. An array of\nstructures, stored on the stack, is manipulated in a loop without\nvalidating the bounds of the array. By crafting a file containing a\nproperly malformed record, it is possible to write outside the bounds\nof this array. The resulting stack corruption can lead to arbitrary\ncode execution. \n\nIII. ANALYSIS\n\nExploitation of these vulnerabilities allows attackers to execute\narbitrary code. In order to exploit these vulnerabilities, the attacker\nmust somehow supply a malformed document to an application that will\nprocess the document with Outside In Technology. Likewise, the\nprivileges gained will also depend on the software using the library. 
\n\nIn the case of Good Mobile Messaging Server, an attacker can send an\nelectronic mail message with an Excel spreadsheet attachment to a user. \nWhen the user chooses to view the spreadsheet, the vulnerable condition\nwill be triggered. Upon successful exploitation, the attacker will gain\nthe privileges of the \"GoodAdmin\" user. This is a special user account\nwhich, in some configurations, may be a member of the \"Administrator\"\ngroup. Regardless of the user\u0027s \"Administrator\" status, the user will\nalways have full privileges to \"Read\" and \"Send As\" all users on the\nMicrosoft Exchange server. This could allow an attacker to conduct\nfurther social engineering attacks. \n\nOther software packages using Outside In were not investigated. \n\nIV. DETECTION\n\niDefense confirmed the existence of these vulnerabilities using the\nfollow versions of Outside In on Windows Server 2003 SP2. \n\n 8.1.5.4282\n 8.1.9.4417\n 8.2.2.4866\n 8.3.0.5129\n\nAdditionally the following versions of Good Mobile Messaging Server for\nExchange ship with vulnerable versions of vsxl5.dll. \n\n 4.9.3.41\n 5.0.4.28\n 6.0.0.106\n\nAll versions of Outside In, including versions for operating systems\nother than Windows, are assumed to be vulnerable. Additionally, all\nsoftware that includes or uses Outside In is assumed to be vulnerable. \nEarlier versions, including those branded with other names, are\nvulnerable as well. \n\nV. WORKAROUND\n\nIn order to prevent exploitation of this vulnerability, iDefense\nrecommends using file system access control lists (ACLs) to prevent\nreading the affected module. \n\nFor Good Mobile Messaging Server, Good Software recommends deleting the\nGdFileConv.exe file and restarting the Messaging Server. \n\nVI. VENDOR RESPONSE\n\nOracle has released a patch which addresses this issue. 
For more\ninformation, consult their advisory at the following URL:\n\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nGood Technology has released a patch which addresses this issue. For\nmore information, consult their advisory at the following URL:\n\nhttp://www.good.com/faq/18431.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2009-1009 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n01/30/2009 - GoodLink contact identified\n01/30/2009 - Security contact research begins\n02/05/2009 - Oracle contact identified\n02/09/2009 - Initial Oracle Reply\n02/09/2009 - Initial Vendor Notification\n02/10/2009 - Initial GoodLink Reply\n02/11/2009 - Oracle validation\n02/16/2009 - GoodLink customer alert sent\n02/16/2009 - GoodLink validation\n02/19/2009 - Oracle requests PoC\n02/19/2009 - PoC sent to Oracle\n02/25/2009 - GoodLink status update\n02/27/2009 - Oracle status update\n03/06/2009 - GoodLink status update\n04/14/2009 - Oracle patch released\n05/13/2009 - CVE Corelation requested from Oracle\n05/14/2009 - Coordinated Public Disclosure\n05/14/2009 - GoodLink ready for disclosure coordinated with iDefense\n\nIX. CREDIT\n\nThis vulnerability was discovered by Joshua J. Drake, iDefense Labs. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2009 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. 
\n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFKDc+jbjs6HoxIfBkRAvY9AJ9WjWSDZK8tmiaAo5tLkrRZrDDscwCeJ8qk\n0aG0K5EpST6rBQF7jgOIhC8=\n=94Xc\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n\nI. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. 
\n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. Upon\nentering the vulnerable function, data is copied from a heap buffer\ninto a stack buffer without ensuring that the data will fit. \n\nIt is interesting to note that this vulnerability was fixed some time\nbetween the release of version 8.1.5 and version 8.1.9. No public\nrecord exists documenting the existence of this vulnerability. \n\niDefense confirmed that the following versions are not affected:\n\n 8.1.9.4417 (shipped with GMMS 5.0.4.28 and GMMS 6.0.0.106)\n 8.2.2.4866\n 8.3.0.5129\n\nV. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. 
\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1009" }, { "db": "JVNDB", "id": "JVNDB-2009-001239" }, { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "77567" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77566" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1009", "trust": 3.2 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "OSVDB", "id": "53748", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001239", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-326", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "BID", "id": "34994", "trust": 0.3 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77567", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77566", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001239" }, { "db": 
"PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "77567" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77566" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1009" }, { "db": "CNNVD", "id": "CNNVD-200904-326" } ] }, "id": "VAR-200904-0429", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:59:59.247000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "1660640", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "title": "1660774", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660774" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001239" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1009" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53748" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 2.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1009" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1009" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.6, "url": "http://www.oracle.com" }, { "trust": 0.6, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { 
"trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "/archive/1/503487" }, { "trust": 0.3, "url": "/archive/1/503622" }, { "trust": 0.3, "url": "/archive/1/503625" }, { "trust": 0.3, "url": "/archive/1/503624" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.2, "url": 
"http://www.good.com/corp/index.php" }, { "trust": 0.2, "url": "http://enigmail.mozdev.org" }, { "trust": 0.2, "url": "http://cve.mitre.org/)," }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://labs.idefense.com/intelligence/vulnerabilities/" }, { "trust": 0.2, "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php" }, { "trust": 0.2, "url": "http://www.oracle.com/technology/products/content-management/oit/oit_all.html" }, { "trust": 0.2, "url": "http://labs.idefense.com/" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1009" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001239" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "77567" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77566" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1009" }, { "db": "CNNVD", "id": "CNNVD-200904-326" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001239" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "77567" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77566" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1009" }, { "db": "CNNVD", "id": "CNNVD-200904-326" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34994" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001239" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-05-16T18:48:21", "db": "PACKETSTORM", "id": "77567" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-05-16T18:46:42", "db": "PACKETSTORM", "id": "77566" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.967000", "db": "NVD", "id": "CVE-2009-1009" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-326" } ] }, "sources_update_date": { "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T19:20:00", "db": "BID", "id": "34994" }, { "date": "2014-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001239" }, { "date": "2016-11-18T15:22:20.277000", "db": "NVD", "id": "CVE-2009-1009" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-326" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of Outside In Technology Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001239" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0435">var-200904-0435</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, 
related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. 
Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0435" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0435"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0435">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, 
"patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0435", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "10.3" }, { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "9.0" }, { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "9.1" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "8.1" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.0" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "7.0" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.0 mp1" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7.0 sp7" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", 
"version": "8.1 sp6" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2 mp3" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { 
"model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems 
weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", 
"scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": 
"oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001248" }, { "db": "NVD", "id": "CVE-2009-1016" }, { "db": "CNNVD", "id": "CNNVD-200904-332" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1016" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-332" } ], "trust": 0.6 }, "cve": "CVE-2009-1016", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.8, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", 
"exploitabilityScore": null, "id": "CVE-2009-1016", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1016", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-332", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001248" }, { "db": "NVD", "id": "CVE-2009-1016" }, { "db": "CNNVD", "id": "CNNVD-200904-332" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. 
Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1016" }, { "db": "JVNDB", "id": "JVNDB-2009-001248" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76710" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1016", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022059", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001248", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-332", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001248" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1016" }, { "db": "CNNVD", "id": "CNNVD-200904-332" } ] }, "id": "VAR-200904-0435", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:20:00.081000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "1016", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001248" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1016" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022059" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 1.2, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": 
"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64934" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1016" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1016" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { 
"trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001248" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1016" }, { "db": "CNNVD", "id": "CNNVD-200904-332" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001248" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1016" }, { "db": "CNNVD", "id": "CNNVD-200904-332" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001248" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T10:30:01.077000", "db": "NVD", "id": "CVE-2009-1016" }, { "date": 
"2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-332" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001248" }, { "date": "2017-08-17T01:30:09.083000", "db": "NVD", "id": "CVE-2009-1016" }, { "date": "2009-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-332" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-332" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BEA Product Suite of WebLogic Server Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001248" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-332" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201909-1540">var-201909-1540</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. 
A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J contains an information disclosure vulnerability caused by observable differences in how it responds during security-related processing; information may be obtained as a result. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5.</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201909-1540" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201909-1540"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201909-1540">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id":
"https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1540", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "application performance management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "bsafe cert-j", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "6.2.4" }, { "model": "retail service backbone", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "goldengate", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0.210420" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "bsafe ssl-j", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "6.2.4.1" }, { "model": "application performance management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.3" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.2" }, { "model": "communications network integrity", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.6" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.2" }, { "model": "storagetek acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.5.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "retail predictive application server", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "14.1.3.0" }, { "model": "database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18c" }, { "model": "bsafe crypto-j", "scope": "lt", "trust": 1.0, "vendor": "dell", "version": "6.2.5" }, { "model": "database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19c" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "communications network integrity", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0.0" }, { "model": "communications network integrity", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "storagetek tape analytics sw tool", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.5" }, { "model": "bsafe cert-j", "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": "bsafe crypto-j", "scope": "lt", "trust": 0.8, "vendor": "rsa security", "version": "6.2.5" }, { "model": "bsafe ssl-j", "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "db": "NVD", "id": "CVE-2019-3739" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.4.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "19.1.0.0.0.210420", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-3739" } ] }, "cve": "CVE-2019-3739", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, 
"obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-3739", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-155174", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "security_alert@emc.com", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, { 
"attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-3739", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-3739", "trust": 1.8, "value": "MEDIUM" }, { "author": "security_alert@emc.com", "id": "CVE-2019-3739", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201909-880", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-155174", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-155174" }, { "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "db": "NVD", "id": "CVE-2019-3739" }, { "db": "NVD", "id": "CVE-2019-3739" }, { "db": "CNNVD", "id": "CNNVD-201909-880" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J Contains a vulnerability related to information disclosure caused by differences in response to security-related processing.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. 
A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5", "sources": [ { "db": "NVD", "id": "CVE-2019-3739" }, { "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "db": "VULHUB", "id": "VHN-155174" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3739", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-009635", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201909-880", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-155174", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155174" }, { "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "db": "NVD", "id": "CVE-2019-3739" }, { "db": "CNNVD", "id": "CNNVD-201909-880" } ] }, "id": "VAR-201909-1540", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-155174" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:33:21.329000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities", "trust": 0.8, "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174;-crypto-j-multiple-security-vulnerabilities" }, { "title": "Dell RSA BSAFE Crypto-J Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98405" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "db": "CNNVD", "id": "CNNVD-201909-880" } ] }, "problemtype_data": { "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.1 }, { "problemtype": "CWE-203", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155174" }, { "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "db": "NVD", "id": "CVE-2019-3739" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3739" }, { "trust": 1.0, "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3739" }, { "trust": 0.6, "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122" }, { "trust": 0.1, "url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities" } ], "sources": [ { "db": "VULHUB", "id": "VHN-155174" }, { "db": 
"JVNDB", "id": "JVNDB-2019-009635" }, { "db": "NVD", "id": "CVE-2019-3739" }, { "db": "CNNVD", "id": "CNNVD-201909-880" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-155174" }, { "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "db": "NVD", "id": "CVE-2019-3739" }, { "db": "CNNVD", "id": "CNNVD-201909-880" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-18T00:00:00", "db": "VULHUB", "id": "VHN-155174" }, { "date": "2019-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "date": "2019-09-18T23:15:11.110000", "db": "NVD", "id": "CVE-2019-3739" }, { "date": "2019-09-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-880" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-09T00:00:00", "db": "VULHUB", "id": "VHN-155174" }, { "date": "2019-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009635" }, { "date": "2023-11-07T03:10:11.060000", "db": "NVD", "id": "CVE-2019-3739" }, { "date": "2022-04-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-880" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-880" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RSA BSAFE Crypto-J Vulnerability related to information disclosure caused by difference in response to security related processing", "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2019-009635" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-880" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202107-1611">var-202107-1611</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
The database management system provides functions such as data management and distributed processing</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202107-1611" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202107-1611"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202107-1611">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1611", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0.0" }, { "model": "communications design studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "blockchain platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications ip service activator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "communications data model", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.3.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.5" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "20.1" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.0.0" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "hospitality opera 5", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6" }, { "model": "rapid planning", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.6" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "oss support tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "2.12.42" }, { "model": "argus analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.3" }, { "model": "retail order management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.5" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.3.0" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "utilities framework", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.12.0" }, { "model": "healthcare data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "primavera p6 professional project management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.20.0" }, { "model": "communications data model", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2.1.0" }, { "model": "policy automation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.24" }, { "model": "rapid planning", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.11" }, { "model": "hospitality reporting and analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0" }, { "model": "insurance data gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "documaker", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "banking enterprise default management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.12.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "banking apis", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "clinical", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.2.1" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.0" }, { "model": "advanced networking option", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19c" }, { "model": "banking apis", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications design studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.2" }, { "model": "documaker", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.6.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "financial services model management and governance", "scope": "lte", 
"trust": 1.0, "vendor": "oracle", "version": "8.1.1.0.0" }, { "model": "communications convergent charging controller", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.1.0.0" }, { "model": "retail price management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "argus safety", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "argus mart", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "financial services foreign account tax compliance act management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.11" }, { "model": "argus insight", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "insurance data gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "banking enterprise default management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.10.0" }, { "model": "insurance data gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "utilities testing accelerator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.0.3.1" }, { "model": "enterprise data quality", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "financial services model management and governance", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.0.0" }, { "model": "banking platform", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "2.7.1" }, { "model": "retail customer insights", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.0.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "hospitality inventory management", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.1.0" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.5" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail point-of-service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "health sciences information manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0.3" }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.1" }, { "model": "advanced networking option", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "hospitality suite8", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.11.0" }, { "model": "primavera analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8.3.3" }, { "model": "goldengate application adapters", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "23.1" }, { "model": "banking digital experience", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "hospitality suite8", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.12.0" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4" }, { "model": "hospitality 
suite8", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.14.0" }, { "model": "real user experience insight", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.1.0" }, { "model": "graph server and client", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "demantra demand management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.6" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "goldengate", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "primavera p6 professional project management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.24.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.1.0" }, { "model": "retail central office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "primavera data warehouse", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8.3.3" }, { "model": "primavera p6 professional project management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.17.0" }, { "model": "communications network integrity", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.6" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.4.0" }, { "model": "utilities testing accelerator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.0.1.1" }, { "model": "healthcare foundation", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "8.1.1" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "agile product lifecycle management for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.2.0" }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.3" }, { "model": "primavera analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12.11.1" }, { "model": "application performance management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.5.1.0" }, { "model": "hyperion infrastructure technology", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.7.0" }, { "model": "communications network integrity", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "ilearning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2" }, { "model": "insurance insbridge rating and underwriting", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.4" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "primavera data warehouse", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12.11.1" }, { "model": "timesten in-memory database", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.1.1.0" 
}, { "model": "primavera p6 professional project management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "airlines data model", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "goldengate", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.3.0.1.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "healthcare data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0.2" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0.0" }, { "model": "insurance data gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.7" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1.0.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "health sciences inform crf submit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.1" }, { "model": "financial services enterprise case 
management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.11" }, { "model": "argus analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.17.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "insurance insbridge rating and underwriting", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.6.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "spatial studio", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.2.1" }, { "model": "thesaurus management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3.0" }, { "model": "healthcare foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.5.0.0" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.1" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.12" }, { "model": "advanced networking option", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.2" }, { "model": "healthcare foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.3.0.2" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.5.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail analytics", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0.0" }, { "model": "communications convergent charging controller", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "insurance data gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.7.0" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "argus analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "thesaurus management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.2.3" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4.0.2.0" }, { "model": "primavera analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.7" }, { "model": "primavera p6 professional project management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.9.0" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail customer insights", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.2" }, { "model": "retail extract 
transform and load", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.8" }, { "model": "communications data model", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.2.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.20" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "argus mart", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.3" }, { "model": "storagetek tape analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.4" }, { "model": "banking digital experience", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "healthcare foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "hospitality suite8", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.10.2" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "financial services foreign account tax compliance act management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "goldengate", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.5.0.0.220118" }, { "model": "primavera data warehouse", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.12.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "21.12" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.1.0" }, { "model": "communications application session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.9.0" }, { "model": "healthcare data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "hospitality suite8", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.13.0" }, { "model": "primavera p6 professional project management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.7" }, { "model": "argus safety", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "communications design studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "retail analytics", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.0.2" }, { "model": "argus mart", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail store 
inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "argus insight", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "healthcare foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4" }, { "model": "hospitality inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0" }, { "model": "communications design studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": "policy automation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.7" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "airlines data model", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.5" }, { "model": "communications data model", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2.3.0" }, { "model": "big data spatial and graph", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "23.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.9.0" }, { "model": "zfs storage application integration engineering software", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.3.3" }, { "model": "peoplesoft enterprise peopletools", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "utilities framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "communications diameter intelligence hub", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.3" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4" }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "insurance insbridge rating and underwriting", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.2.0" }, { "model": "communications data model", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2.2.0" }, { "model": "primavera p6 professional project management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "retail price management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.24" }, { "model": "application performance management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.1.0" }, { "model": "ilearning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": "primavera p6 professional project management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0.0" }, { "model": "utilities testing accelerator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.0.2.2" }, { "model": "clinical", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "5.2.2" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.11" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "storagetek acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.5.1" }, { "model": "real user experience insight", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.5.1.0" }, { "model": "enterprise data quality", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.11" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services foreign account tax compliance act management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "agile product lifecycle management for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.3.0" }, { "model": "argus safety", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "thesaurus management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3.1" }, { "model": "argus insight", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.3" }, { "model": "banking apis", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "health sciences information manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "3.0.2" }, { "model": "product lifecycle analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.6.1" }, { "model": "healthcare translational research", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.1.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications metasolv solution", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1.0.0" }, { "model": "demantra demand management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.11" }, { "model": "fusion middleware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "instantis enterprisetrack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "utilities framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.6.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "financial services trade-based anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": 
"insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter intelligence hub", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "timesten in-memory database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.1.1.1.0" }, { "model": "health sciences clinical development analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.3.0" }, { "model": "retail price management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "financial services trade-based anti money laundering", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "oracle hospitality suite8", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle financial services model management and governance", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "primavera p6 professional project management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "primavera data warehouse", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle banking digital experience", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle flexcube private banking", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "siebel ui framework", "scope": "lte", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "21.12 and earlier" }, { "model": "oracle retail xstore point of service", "scope": 
null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle financial services analytical applications infrastructure", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle enterprise manager ops center", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle clinical", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle healthcare foundation", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle application testing suite", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle health sciences inform crf submit", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle goldengate", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle insurance data gateway", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "hyperion infrastructure technology", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail returns management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications metasolv solution", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications data model", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle argus analytics", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle insurance rules palette", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle financial services behavior detection 
platform", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail service backbone", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle financial services trade-based anti money laundering", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle demantra demand management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle healthcare data repository", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle data integrator", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail predictive application server", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle spatial studio", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle airlines data model", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle flexcube investor servicing", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle enterprise data quality", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oss support tools", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle healthcare translational research", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications application session controller", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail merchandising system", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": 
"oracle argus safety", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications design studio", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "primavera gateway", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle fusion middleware", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle real user experience insight", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "communications session route manager", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail order management system", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail price management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle insurance policy administration", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle application performance management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail assortment planning", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "primavera unifier", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications convergent charging controller", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle financial services foreign account tax compliance act management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle utilities framework", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", 
"version": null }, { "model": "oracle retail point-of-service", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail central office", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications contacts server", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle agile engineering data management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle policy automation", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "enterprise manager base platform", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications session report manager", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle zfs storage application integration engineering software", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail order broker", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle banking apis", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle product lifecycle analytics", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle health sciences clinical development analytics", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle ilearning", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle commerce platform", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications network integrity", "scope": null, "trust": 0.8, "vendor": 
"\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail financial integration", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "advanced networking option", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "primavera p6 enterprise project portfolio management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle utilities testing accelerator", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "instantis enterprisetrack", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle health sciences information manager", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail back office", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle argus insight", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle thesaurus management system", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle argus mart", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle insurance insbridge rating and underwriting", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "primavera analytics", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "big data spatial and graph", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle financial services enterprise case management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": null, "trust": 0.8, 
"vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail integration bus", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail customer insights", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications network charging and control", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications calendar server", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail store inventory management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle rapid planning", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle hospitality opera 5", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle agile plm", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle graph server and client", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail analytics", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle retail extract transform and load", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle times-ten in-memory database", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "db": "NVD", "id": "CVE-2021-2351" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, 
"data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.3.0.6.0", "versionStartIncluding": "4.3.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:advanced_networking_option:12.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:advanced_networking_option:19c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:advanced_networking_option:12.1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.11", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.12", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.5", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.4.0.0", "versionStartIncluding": "12.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.1", "versionStartIncluding": "8.0.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.3", "versionStartIncluding": "18.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.1.1.0", 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.4.0.0", "versionStartIncluding": "12.0.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.11", "versionStartIncluding": "12.2.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.17.0", "versionStartIncluding": "19.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.9.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": 
"2.12.42", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.0.2", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.11", "versionStartIncluding": "12.2.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "23.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.3", "versionStartIncluding": "18.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.20.0", 
"versionStartIncluding": "17.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.24.0", "versionStartIncluding": "18.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.9.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.17.0", "versionStartIncluding": "19.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.20", "versionStartIncluding": "17.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.24", "versionStartIncluding": "18.8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.5.0.0.220118", "versionStartIncluding": "19.1.0.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.3.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.0.2", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "7.3.0.2", "versionStartIncluding": "7.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.1", "versionStartIncluding": "8.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.0", "versionStartIncluding": "5.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_mart:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_mart:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:argus_mart:8.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.1.0.0", "versionStartIncluding": "8.0.8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.3", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.6.4", "versionStartIncluding": "12.6.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "23.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:21.1.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_inventory_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.1.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-2351" } ] }, "cve": "CVE-2021-2351", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", 
"obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-2351", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "VHN-377037", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "secalert_us@oracle.com", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-013664", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-2351", "trust": 1.8, "value": "HIGH" }, { "author": "secalert_us@oracle.com", "id": "CVE-2021-2351", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-1424", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-377037", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-377037" }, { "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1424" }, { "db": "NVD", "id": "CVE-2021-2351" }, { "db": "NVD", "id": "CVE-2021-2351" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The database management system provides functions such as data management and distributed processing", "sources": [ { "db": "NVD", "id": "CVE-2021-2351" }, { "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-377037" }, { "db": "VULMON", "id": "CVE-2021-2351" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-2351", "trust": 3.4 }, { "db": "PACKETSTORM", "id": "165258", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "165255", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2021-013664", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012652", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041941", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072053", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012331", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012766", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012328", "trust": 0.6 }, { "db": 
"CS-HELP", "id": "SB2022012771", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072038", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011911", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072093", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-1424", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2022-09810", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-377037", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-2351", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-377037" }, { "db": "VULMON", "id": "CVE-2021-2351" }, { "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1424" }, { "db": "NVD", "id": "CVE-2021-2351" } ] }, "id": "VAR-202107-1611", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-377037" } ], "trust": 0.01 }, "last_update_date": "2024-02-17T21:15:00.385000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update", "trust": 0.8, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "title": "Oracle Database Server Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178520" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "db": "CNNVD", "id": "CNNVD-202107-1424" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-327", "trust": 1.0 }, { "problemtype": "CWE-384", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "db": "NVD", "id": "CVE-2021-2351" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://packetstormsecurity.com/files/165258/oracle-database-weak-nne-integrity-key-derivation.html" }, { "trust": 2.5, "url": "http://packetstormsecurity.com/files/165255/oracle-database-protection-mechanism-bypass.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/dec/19" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/dec/20" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-2351" }, { "trust": 1.0, "url": "https://www.oracle.com/security-alerts/cpujan2023.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072053" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072038" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6507591" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072093" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2022041941" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb20220422122" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012766" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012328" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011911" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2021-35942" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012331" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012771" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012652" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-377037" }, { "db": "VULMON", "id": "CVE-2021-2351" }, { "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1424" }, { "db": "NVD", "id": "CVE-2021-2351" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-377037" }, { "db": "VULMON", "id": "CVE-2021-2351" }, { "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-1424" }, { "db": "NVD", "id": "CVE-2021-2351" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-21T00:00:00", "db": "VULHUB", "id": "VHN-377037" }, { "date": "2021-07-21T00:00:00", "db": "VULMON", "id": "CVE-2021-2351" }, { "date": "2022-09-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1424" }, { "date": 
"2021-07-21T15:15:21.827000", "db": "NVD", "id": "CVE-2021-2351" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-06T00:00:00", "db": "VULHUB", "id": "VHN-377037" }, { "date": "2021-07-21T00:00:00", "db": "VULMON", "id": "CVE-2021-2351" }, { "date": "2022-09-21T03:08:00", "db": "JVNDB", "id": "JVNDB-2021-013664" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-1424" }, { "date": "2024-02-16T18:48:45.617000", "db": "NVD", "id": "CVE-2021-2351" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-1424" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle\u00a0Database\u00a0Server\u00a0 of \u00a0Advanced\u00a0Networking\u00a0Option\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013664" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202001-1870">var-202001-1870</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>In Spring Framework, versions 
5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input. Spring Framework contains a vulnerability in the integrity verification of downloaded code. Information may be obtained or altered, and a denial of service (DoS) condition may result. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. A cross-site scripting vulnerability exists in Pivotal Software Spring Framework 5.2.x prior to 5.2.3, 5.1.x prior to 5.1.13, and 5.0.x prior to 5.0.16. A remote attacker could exploit this vulnerability to obtain sensitive information by conducting a Reflected File Download (RFD) attack. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat Fuse 7.8.0 release and security update Advisory ID: RHSA-2020:5568-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:5568 Issue date: 2020-12-16 CVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210 CVE-2019-2692 CVE-2019-3773 CVE-2019-3774 CVE-2019-10202 CVE-2019-10219 CVE-2019-11777 CVE-2019-12406 CVE-2019-12423 CVE-2019-13990 CVE-2019-14900 CVE-2019-17566 CVE-2019-17638 CVE-2019-19343 CVE-2020-1714 CVE-2020-1719 CVE-2020-1950 CVE-2020-1960 CVE-2020-5398 CVE-2020-7226 CVE-2020-9488 CVE-2020-9489 CVE-2020-10683 CVE-2020-10740 CVE-2020-11612 CVE-2020-11971 CVE-2020-11972 CVE-2020-11973 CVE-2020-11980 CVE-2020-11989 CVE-2020-11994 CVE-2020-13692 CVE-2020-13933 CVE-2020-14326 ==================================================================== 1. Summary:</p> <p>A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>libquartz: XXE attacks via job description (CVE-2019-13990)</p> </li> <li> <p>jetty: double release of resource can lead to information disclosure (CVE-2019-17638)</p> </li> <li> <p>keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)</p> </li> <li> <p>springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398)</p> </li> <li> <p>wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)</p> </li> <li> <p>camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution (CVE-2020-11972)</p> </li> <li> <p>camel: Netty enables Java deserialization by default which could leed to remote code execution (CVE-2020-11973)</p> </li> <li> <p>shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989)</p> </li> <li> <p>camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994)</p> </li> <li> <p>postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)</p> </li> <li> <p>shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933)</p> </li> <li> <p>RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)</p> </li> <li> <p>jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873)</p> </li> <li> <p>thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692)</p> </li> <li> <p>spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773)</p> </li> <li> <p>spring-batch: XML External Entity Injection 
(XXE) when receiving XML data from untrusted sources (CVE-2019-3774)</p> </li> <li> <p>codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)</p> </li> <li> <p>hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)</p> </li> <li> <p>batik: SSRF via "xlink:href" (CVE-2019-17566)</p> </li> <li> <p>Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343)</p> </li> <li> <p>Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)</p> </li> <li> <p>apache-flink: JMX information disclosure vulnerability (CVE-2020-1960)</p> </li> <li> <p>cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)</p> </li> <li> <p>tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489)</p> </li> <li> <p>dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)</p> </li> <li> <p>netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)</p> </li> <li> <p>camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971)</p> </li> <li> <p>karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980)</p> </li> <li> <p>tika: excessive memory usage in PSDParser (CVE-2020-1950)</p> </li> <li> <p>log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)</p> </li> </ul> <p>For more details about the security 
issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1799475 - 
CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability 1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution 1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution 1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers 1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass 1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS 1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure 1869860 - CVE-2020-13933 shiro: specially crafted HTTP request 
may cause an authentication bypass 1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-1000873 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-2692 https://access.redhat.com/security/cve/CVE-2019-3773 https://access.redhat.com/security/cve/CVE-2019-3774 https://access.redhat.com/security/cve/CVE-2019-10202 https://access.redhat.com/security/cve/CVE-2019-10219 https://access.redhat.com/security/cve/CVE-2019-11777 https://access.redhat.com/security/cve/CVE-2019-12406 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2019-17566 https://access.redhat.com/security/cve/CVE-2019-17638 https://access.redhat.com/security/cve/CVE-2019-19343 https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1950 https://access.redhat.com/security/cve/CVE-2020-1960 https://access.redhat.com/security/cve/CVE-2020-5398 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9489 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11971 https://access.redhat.com/security/cve/CVE-2020-11972 https://access.redhat.com/security/cve/CVE-2020-11973 https://access.redhat.com/security/cve/CVE-2020-11980 https://access.redhat.com/security/cve/CVE-2020-11989 https://access.redhat.com/security/cve/CVE-2020-11994 
https://access.redhat.com/security/cve/CVE-2020-13692 https://access.redhat.com/security/cve/CVE-2020-13933 https://access.redhat.com/security/cve/CVE-2020-14326 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.8.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X kJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X YJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd 7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg z66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y AwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN 0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH ZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT RH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh PgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0 Mtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA f8t2frnd7kM=jGVK -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202001-1870" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a>
<div class="collapse" id="collapseJsonvar-202001-1870"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202001-1870">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1870", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications billing and revenue 
management elastic charging engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.1.0" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "data availability services", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "retail central office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "communications billing and revenue management elastic charging engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.4" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "rapid planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { 
"model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.0" }, { "model": "mysql", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.0.12" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "insurance calculation engine", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.0.0" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.0.16" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.0.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.1.0" }, { "model": "snapcenter", 
"scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "rapid planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1" }, { "model": "retail point-of-service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.2.0" }, { "model": "siebel engineering - installer \\\u0026 deployment", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.1.1" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.2.3" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "financial services regulatory reporting with agilereporter", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.9.2.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.3" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "retail assortment planning", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "insurance calculation engine", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.2.0" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.0.0" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.1.13" }, { "model": "mysql", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.20" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.4" }, { "model": "retail bulk data integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "spring framework", "scope": 
null, "trust": 0.8, "vendor": "pivotal", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "db": "NVD", "id": "CVE-2020-5398" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.3", "versionStartIncluding": "5.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.16", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.1.13", "versionStartIncluding": "5.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.0.12", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\\u0026_deployment:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.1", "versionStartIncluding": "11.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-5398" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "160562" } ], "trust": 0.1 }, "cve": "CVE-2020-5398", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.6, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2020-5398", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "VHN-183523", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "security@pivotal.io", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "exploitabilityScore": 1.3, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-5398", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-5398", "trust": 1.8, "value": "HIGH" }, { "author": "security@pivotal.io", "id": "CVE-2020-5398", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202001-839", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-183523", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-5398", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-183523" }, { "db": "VULMON", "id": "CVE-2020-5398" }, { "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "db": "NVD", "id": "CVE-2020-5398" }, { "db": "NVD", "id": "CVE-2020-5398" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202001-839" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a \"Content-Disposition\" 
header in the response where the filename attribute is derived from user supplied input. Spring Framework contains a vulnerability in the integrity verification of downloaded code. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. A cross-site scripting vulnerability exists in Pivotal Software Spring Framework 5.2.x prior to 5.2.3, 5.1.x prior to 5.1.13, and 5.0.x prior to 5.0.16. A remote attacker could exploit this vulnerability to obtain sensitive information by conducting a Reflected File Download (RFD) attack. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Fuse 7.8.0 release and security update\nAdvisory ID: RHSA-2020:5568-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5568\nIssue date: 2020-12-16\nCVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210\n CVE-2019-2692 CVE-2019-3773 CVE-2019-3774\n CVE-2019-10202 CVE-2019-10219 CVE-2019-11777\n CVE-2019-12406 CVE-2019-12423 CVE-2019-13990\n CVE-2019-14900 CVE-2019-17566 CVE-2019-17638\n CVE-2019-19343 CVE-2020-1714 CVE-2020-1719\n CVE-2020-1950 CVE-2020-1960 CVE-2020-5398\n CVE-2020-7226 CVE-2020-9488 CVE-2020-9489\n CVE-2020-10683 CVE-2020-10740 CVE-2020-11612\n CVE-2020-11971 CVE-2020-11972 CVE-2020-11973\n CVE-2020-11980 CVE-2020-11989 CVE-2020-11994\n CVE-2020-13692 CVE-2020-13933 CVE-2020-14326\n====================================================================\n1. 
Summary:\n\nA minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nThis release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse\n7.7, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* libquartz: XXE attacks via job description (CVE-2019-13990)\n\n* jetty: double release of resource can lead to information disclosure\n(CVE-2019-17638)\n\n* keycloak: Lack of checks in ObjectInputStream leading to Remote Code\nExecution (CVE-2020-1714)\n\n* springframework: RFD attack via Content-Disposition Header sourced from\nrequest input by Spring MVC or Spring WebFlux Application (CVE-2020-5398)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* camel: RabbitMQ enables Java deserialization by default which could leed\nto remote code execution (CVE-2020-11972)\n\n* camel: Netty enables Java deserialization by default which could leed to\nremote code execution (CVE-2020-11973)\n\n* shiro: spring dynamic controllers, a specially crafted request may cause\nan authentication bypass (CVE-2020-11989)\n\n* camel: server-side template injection and arbitrary file disclosure on\ntemplating components (CVE-2020-11994)\n\n* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML\n(CVE-2020-13692)\n\n* shiro: specially crafted HTTP request may cause an authentication bypass\n(CVE-2020-13933)\n\n* RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)\n\n* jackson-modules-java8: DoS due to 
an Improper Input Validation\n(CVE-2018-1000873)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* mysql-connector-java: privilege escalation in MySQL connector\n(CVE-2019-2692)\n\n* spring-ws: XML External Entity Injection (XXE) when receiving XML data\nfrom untrusted sources (CVE-2019-3773)\n\n* spring-batch: XML External Entity Injection (XXE) when receiving XML data\nfrom untrusted sources (CVE-2019-3774)\n\n* codehaus: incomplete fix for unsafe deserialization in jackson-databind\nvulnerabilities (CVE-2019-10202)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT\nlibrary (CVE-2019-11777)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12423)\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Undertow: Memory Leak in Undertow HttpOpenListener due to holding\nremoting connections indefinitely (CVE-2019-19343)\n\n* Wildfly: EJBContext principal is not popped back after invoking another\nEJB using a different Security Domain (CVE-2020-1719)\n\n* apache-flink: JMX information disclosure vulnerability (CVE-2020-1960)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* tika-core: Denial of Service Vulnerabilities in Some of Apache Tika\u0027s\nParsers (CVE-2020-9489)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer\nallocation sizes (CVE-2020-11612)\n\n* camel: DNS Rebinding in JMX Connector could result in remote command\nexecution (CVE-2020-11971)\n\n* karaf: A remote client could create 
MBeans from arbitrary URLs\n(CVE-2020-11980)\n\n* tika: excessive memory usage in PSDParser (CVE-2020-1950)\n\n* log4j: improper validation of certificate with host mismatch in SMTP\nappender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.8.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources\n1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector\n1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution\n1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities\n1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely\n1796617 - CVE-2020-1719 
Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application\n1801149 - CVE-2019-13990 libquartz: XXE attacks via job description\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability\n1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution\n1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution\n1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution\n1848617 - CVE-2019-17566 batik: SSRF via \"xlink:href\"\n1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika\u0027s Parsers\n1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass\n1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs\n1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML\n1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating 
components\n1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS\n1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure\n1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass\n1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-1000873\nhttps://access.redhat.com/security/cve/CVE-2019-0205\nhttps://access.redhat.com/security/cve/CVE-2019-0210\nhttps://access.redhat.com/security/cve/CVE-2019-2692\nhttps://access.redhat.com/security/cve/CVE-2019-3773\nhttps://access.redhat.com/security/cve/CVE-2019-3774\nhttps://access.redhat.com/security/cve/CVE-2019-10202\nhttps://access.redhat.com/security/cve/CVE-2019-10219\nhttps://access.redhat.com/security/cve/CVE-2019-11777\nhttps://access.redhat.com/security/cve/CVE-2019-12406\nhttps://access.redhat.com/security/cve/CVE-2019-12423\nhttps://access.redhat.com/security/cve/CVE-2019-13990\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2019-17566\nhttps://access.redhat.com/security/cve/CVE-2019-17638\nhttps://access.redhat.com/security/cve/CVE-2019-19343\nhttps://access.redhat.com/security/cve/CVE-2020-1714\nhttps://access.redhat.com/security/cve/CVE-2020-1719\nhttps://access.redhat.com/security/cve/CVE-2020-1950\nhttps://access.redhat.com/security/cve/CVE-2020-1960\nhttps://access.redhat.com/security/cve/CVE-2020-5398\nhttps://access.redhat.com/security/cve/CVE-2020-7226\nhttps://access.redhat.com/security/cve/CVE-2020-9488\nhttps://access.redhat.com/security/cve/CVE-2020-9489\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-11612\nhttps://access.redhat.com/security/cve/CVE-2020-11971\nhttps://access.redhat.com/security/cve/CVE-2020-11972\nht
tps://access.redhat.com/security/cve/CVE-2020-11973\nhttps://access.redhat.com/security/cve/CVE-2020-11980\nhttps://access.redhat.com/security/cve/CVE-2020-11989\nhttps://access.redhat.com/security/cve/CVE-2020-11994\nhttps://access.redhat.com/security/cve/CVE-2020-13692\nhttps://access.redhat.com/security/cve/CVE-2020-13933\nhttps://access.redhat.com/security/cve/CVE-2020-14326\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.8.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X\nkJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X\nYJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd\n7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg\nz66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y\nAwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN\n0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH\nZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT\nRH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh\nPgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0\nMtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA\nf8t2frnd7kM=jGVK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-5398" }, { "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-183523" }, { "db": "VULMON", "id": 
"CVE-2020-5398" }, { "db": "PACKETSTORM", "id": "160562" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-5398", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2020-001405", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202001-839", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042844", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072772", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072132", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4464", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3485", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-183523", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-5398", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160562", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-183523" }, { "db": "VULMON", "id": "CVE-2020-5398" }, { "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "db": "PACKETSTORM", "id": "160562" }, { "db": "NVD", "id": "CVE-2020-5398" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202001-839" } ] }, "id": "VAR-202001-1870", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-183523" } ], "trust": 0.01 }, "last_update_date": "2023-12-25T20:55:50.556000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2020-5398: RFD Attack via 
\u201cContent-Disposition\u201d Header Sourced from Request Input by Spring MVC or Spring WebFlux Application", "trust": 0.8, "url": "https://pivotal.io/security/cve-2020-5398" }, { "title": "Pivotal Software Spring Framework Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110175" }, { "title": "Red Hat: Important: Red Hat Fuse 7.8.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205568 - security advisory" }, { "title": "CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC", "trust": 0.1, "url": "https://github.com/motikan2010/cve-2020-5398 " }, { "title": "Wapiti - Web Vulnerability Scanner", "trust": 0.1, "url": "https://github.com/wapiti-scanner/wapiti " }, { "title": "SpringSecurity", "trust": 0.1, "url": "https://github.com/ax1sx/springsecurity " }, { "title": "", "trust": 0.1, "url": "https://github.com/pctf/vulnerable-app " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-5398" }, { "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "db": "CNNVD", "id": "CNNVD-202001-839" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-494", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-183523" }, { "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "db": "NVD", "id": "CVE-2020-5398" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.3, 
"url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://pivotal.io/security/cve-2020-5398" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20210917-0006/" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5398" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3ccommits.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3cissues.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3cdev.rocketmq.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3cissues.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3cdev.rocketmq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3ccommits.servicecomb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3ccommits.servicecomb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3cdev.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3cdev.ambari.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3ccommits.servicecomb.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3cissues.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3ccommits.karaf.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3cdev.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3cdev.rocketmq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3cdev.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3cdev.rocketmq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3ccommits.karaf.apache.org%3e" }, 
{ "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3ccommits.camel.apache.org%3e" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5398" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3cdev.rocketmq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6@%3cdev.rocketmq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46@%3ccommits.servicecomb.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3ccommits.servicecomb.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d@%3ccommits.servicecomb.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3@%3cdev.rocketmq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3ccommits.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3cdev.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3cdev.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3cissues.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3cissues.ambari.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8@%3ccommits.camel.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f@%3cdev.geode.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc@%3cdev.geode.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc@%3ccommits.karaf.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad@%3cissues.karaf.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160@%3cdev.rocketmq.apache.org%3e" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072772" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4464/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072132" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/spring-framework-file-reading-via-content-disposition-reflected-file-download-31360" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2021042844" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3485/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11972" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2692" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11989" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11980" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11972" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1950" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11989" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2019-3774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11980" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1960" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1393" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11971" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17566" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000873" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7226" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9489" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13692" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10202" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3773" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13692" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11994" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5398" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11777" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13933" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3774" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17638" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17638" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2692" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11994" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11971" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19343" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5568" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3773" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-11777" } ], "sources": [ { "db": "VULHUB", "id": "VHN-183523" }, { "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "db": "PACKETSTORM", "id": "160562" }, { "db": "NVD", "id": "CVE-2020-5398" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202001-839" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-183523" }, { "db": "VULMON", "id": "CVE-2020-5398" }, { "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "db": "PACKETSTORM", "id": "160562" }, { "db": "NVD", "id": "CVE-2020-5398" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202001-839" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-17T00:00:00", "db": "VULHUB", "id": "VHN-183523" }, { "date": "2020-01-17T00:00:00", "db": "VULMON", "id": "CVE-2020-5398" }, { "date": "2020-02-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "date": "2020-12-16T18:17:52", "db": "PACKETSTORM", "id": "160562" }, { "date": "2020-01-17T00:15:12.103000", "db": "NVD", "id": "CVE-2020-5398" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-839" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-25T00:00:00", "db": "VULHUB", "id": "VHN-183523" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-5398" }, { "date": "2020-02-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-001405" }, { "date": "2023-11-07T03:23:46.420000", "db": "NVD", "id": "CVE-2020-5398" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": 
"2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-839" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "160562" }, { "db": "CNNVD", "id": "CNNVD-202001-839" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework Vulnerabilities in the integrity of downloaded code", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-001405" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202004-0345">var-202004-0345</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. FasterXML jackson-databind has a code issue vulnerability. An attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. 
Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Description:</p> <p>This release of Red Hat build of Thorntail 2.5.1 includes security updates, bug fixes, and enhancements. Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates 1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation 1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 
'Deployer' user by default 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in 
remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 
CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat Satellite 6.8 for RHEL 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. 
</p> <p>Security Fix(es):</p> <ul> <li>mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)</li> <li>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</li> <li>rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)</li> <li>puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)</li> <li>jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)</li> <li>foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)</li> <li>Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)</li> <li>Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)</li> <li>rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)</li> <li>rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)</li> <li>rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)</li> <li>rubygem-actionview: views that use the <code>j</code> or <code>escape_javascript</code> methods are susceptible to XSS attacks (CVE-2020-5267)</li> <li>puppet: Arbitrary catalog retrieval (CVE-2020-7942)</li> <li>rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)</li> <li>rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)</li> <li>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</li> <li>puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)</li> </ul> <p>For more details 
about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Additional Changes:</p> <ul> <li> <p>Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment. </p> </li> <li> <p>Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment</p> </li> <li> <p>Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution. </p> </li> <li> <p>Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet</p> </li> <li> <p>Support for HTTP UEFI provisioning</p> </li> <li> <p>Support for CAC card authentication with Keycloak integration</p> </li> <li> <p>Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling. </p> </li> <li> <p>Support for Red Hat Enterprise Linux Traces integration</p> </li> <li> <p>satellite-maintain & foreman-maintain are now self updating</p> </li> <li> <p>Notifications in the UI to warn users when subscriptions are expiring. </p> </li> </ul> <p>The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. 
</p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1160344 - [RFE] Satellite support for cname as alternate cname for satellite server 1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems 1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy 1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt 1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS 1410616 - [RFE] Prominent notification of expiring subscriptions. 1410916 - Should only be able to add repositories you have access to 1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3 1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. 1469267 - need updated rubygem-rake 1486446 - Content view versions list has slow query for package count 1486696 - 'hammer host update' removes existing host parameters 1494180 - Sorting by network address for subnet doesn't work properly 1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost 1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled" 1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101" 1531674 - Operating System Templates are ordered inconsistently in UI. 1537320 - [RFE] Support for Capsules at 1 version lower than Satellite 1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! 
NoMethodError: undefined method <code>first' for nil:NilClass" when there are custom bookmarks created 1563270 - Sync status information is lost after cleaning up old tasks related to sync. 1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384') 1571907 - Passenger threads throwing tracebacks on API jobs after spawning 1576859 - [RFE] Implement automatic assigning subnets through data provided by facter 1584184 - [RFE] The locked template is getting overridden by default 1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box 1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template 1608001 - Rearrange search/filter options on Red Hat Repositories page. 1613391 - race condition on removing multiple organizations simultaneously 1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot 1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version 1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui 1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization 1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host 1627066 - Unable to revert to the original version of the provisioning template 1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules 1630536 - yum repos password stored as cleartext 1632577 - Audit log show 'missing' for adding/removing repository to a CV 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1645062 - host_collection controller responds with 200 instead of 201 to a POST request 1645749 - repositories controller responds with 200 instead of 201 to a POST request 
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build 1647364 - [RFE] Extend the audits by the http request id 1647781 - Audits contain no data (Added foo to Missing(ID: x)) 1651297 - Very slow query when using facts on user roles as filters 1653217 - [RFE] More evocative name for Play Ansible Roles option? 1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks 1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role, 1659418 - katello-tracer-upload failing with error "ImportError: No module named katello" 1665277 - subscription manager register activation key with special character failed 1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal 1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output. 1677907 - Ansible API endpoints return 404 1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams 1680458 - Locked Report Templates are getting removed. 
1680567 - Reporting Engine API to list report template per organization/location returns 404 error 1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite 1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow 1687116 - kernel version checks should not use /lib/modules to determine running version 1688886 - subscription-manager not attaching the right quantity per the cpu core 1691416 - Delays when many clients upload tracer data simultaneously 1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself 1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions 1705097 - An empty report file doesn't show any headers 1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service 1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed 1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
1715999 - Use Infoblox API for DNS conflict check and not system resolver 1716423 - Nonexistent quota can be set 1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page 1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array 1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally 1719509 - [RFE] "hammer host list" including erratas information 1719516 - [RFE] "hammer host-collection hosts" including erratas information 1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition 1721419 - SSH key cannot be added when FIPS enabled 1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example) 1723313 - foreman_tasks:cleanup description contain inconsistent information 1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start" 1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS 1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name 1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear 1730083 - [RFE] Add Jobs button to host detail page 1731155 - Cloud init template missing snippet compared to Kickstart default user data 1731229 - podman search against Red Hat Satellite 6 fails. 
1731235 - [RFE] Create Report Template to list inactive hosts 1733241 - [RFE] hammer does not inherit parent location information 1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN 1736809 - undefined method</code>split' for nil:NilClass when viewing the host info with hammer 1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. 1737564 - [RFE] Support custom images on Azure 1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. 1740943 - Increasing Ansible verbosity level does not increase the verbosity of output 1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. 1743776 - Error while deleting the content view version. 1745516 - Multiple duplicate index entries are present in candlepin database 1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
1749692 - Default Rhel8 scap content does not get populated on the Satellite 1749916 - [RFE] Satellite should support certificates with > 2048 Key size 1751981 - Parent object properties are not propagated to Child objects in Location and Host Group 1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command 1753551 - Traces output from Satellite GUI has mismatches with client tracer output 1756991 - 2 inputs with same name -> uninitialized constant #<Class:0x000000000b894c38>::NonUniqueInputsError 1757317 - [RFE] Dynflow workers extraction 1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API 1759160 - Rake task for cleaning up DHCP records on proxy 1761872 - Disabled buttons are still working 1763178 - [RFE] Unnecessary call to userhelp and therefore log entries 1763816 - [RFE] Report which users access the API 1766613 - Fact search bar broken and resets to only searching hostname 1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting 1767497 - Compute Resource filter does not correctly allow Refresh Cache 1767635 - [RFE] Enable Organization and Location to be entered not just selected 1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value 1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]' for nil:NilClass 1771367 - undefined method `request_uri' when Openidc Provider Token Endpoint is none 1771428 - Openscap documentation link on Satellite 6 webui is broke 1771484 - Client side documentation links are not branded 1771693 - 'Deployed on' parameter is not listed in API output 1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order 1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again 1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt 1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare 1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically 1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines) 1778503 - Prepended text on OS name creation 1778681 - Some pages are missing title in html head 1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly 1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages" 1782426 - Viewing errata from a repository returns incorrect unfiltered results 1783568 - [RFE] - Bulk Tracer Remediation 1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!" 
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log 1784341 - disable CertificateRevocationListTask job in candlepin.conf by default 1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file 1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. 1785624 - [UI] Importing templates with associate 'never' is not resulting as expected 1785683 - Does not load datacenter when multiple compute resources are created for same VCenter 1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method <code>[]' for nil:NilClass" 1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date 1787329 - change filename in initrd live CPIO archive to fdi.iso 1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL 1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI 1789006 - Smart proxy dynflow core listens on 0.0.0.0 1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id 1789434 - Template editor not always allows refreshing of the preview pane 1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely 1789686 - Non-admin user with enough permissions can't generate report of applicable errata 1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6 1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table. 
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs 1791654 - drop config_templates api endpoints and parameters 1791656 - drop deprecated host status endpoint 1791658 - drop reports api endpoint 1791659 - Remove</code>use_puppet_default<code>api params 1791663 - remove deprecated permissions api parameters 1791665 - drop deprecated compute resource uuid parameter 1792131 - [UI] Could not specify organization/location for users that come from keycloak 1792135 - Not able to login again if session expired from keycloak 1792174 - [RFE] Subscription report template 1792304 - When generating custom report, leave output format field empty 1792378 - [RFE] Long role names are cut off in the roles UI 1793951 - [RFE] Display request UUID on audits page 1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists 1794346 - Change the label for the flashing eye icon during user impersonation 1794641 - Sync status page's content are not being displayed properly. 1795809 - HTML tags visible on paused task page 1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled 1796205 - iso upload: correctly check if upload directory exists 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796259 - loading subscriptions page is very slow 1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode 1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout 1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server 1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. 
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host 1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input 1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input 1802529 - Repository sync in tasks page shows percentage in 17 decimal points 1802631 - Importing Ansible variables yields NoMethodError: undefined method</code>map' for nil:NilClass (initialize_variables) [variables_importer.rb] 1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none 1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page. 1804651 - Missing information about "Create Capsule" via webUI 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7 1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error 1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks 1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method <code>mtu' 1807042 - [RFE] Support additional disks for VM on Azure Compute Resource 1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. 
1807829 - Generated inventory file doesn't exist 1807946 - Multiple duplicate index entries are present in foreman database 1808843 - Satellite lists unrelated RHV storage domains using v4 API 1810250 - Unable to delete repository - Content with ID could not be found 1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd 1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection 1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead 1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units 1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification 1812904 - 'Hypervisors' task fails with 'undefined method</code>[]' for nil:NilClass' error 1813005 - Prevent --tuning option to be applied in Capsule servers 1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker) 1814095 - Applicable errata not showing up for module stream errata 1815104 - Locked provisioning template should not be allowed to add audit comment 1815135 - hammer does not support description for custom repositories 1815146 - Backslash escapes when downloading a JSON-formatted report multiple times 1815608 - Content Hosts has Access to Content View from Different Organization 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1816699 - Satellite Receptor Installer role can miss accounts under certain conditions 1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval 1816853 - Report generated by Red Hat Inventory Uploads is empty. 
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. 1817224 - Loading one org's content view when switching to a different org 1817481 - Plugin does not set page <title> 1817728 - Default task polling is too frequent at scale 1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. 1818062 - Deprecated message about katello agent being shown on content host registration page 1818816 - Web console should open in a new tab/window 1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1820193 - Deleted Global Http Proxy is still being used during repository sync. 1820245 - reports in JSON format can't handle unicode characters 1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512 1821335 - Inventory plugin captures information for systems with any entitlement 1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration. 1821629 - Eager zero seems to do nothing 1821651 - Manifest import task progress remains at 0. 1821752 - New version of the plugin is available: 1.0.5 1822039 - Get HTTP error when deploying the virt-who configure plugin 1822560 - Unable to sync large openshift docker repos 1823905 - Update distributor version to sat-6.7 1823991 - [RFE] Add a more performant way to sort reports 1824183 - Virtual host get counted as physical hosts on cloud.redhat.com 1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank" 1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue. 
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy 1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error 1826298 - even when I cancel ReX job, remediation still shows it as running 1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images 1826515 - [RFE] Consume Candlepin events via STOMP 1826625 - Improve performance of externalNodes 1826678 - New version of the plugin is available: 2.0.6 1826734 - Tasks uses wrong controller name for bookmarks 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories 1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)" 1828257 - Receptor init file missing [Install] section, receptor service won't run after restart 1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API 1828549 - Manifest Certificate Exposed by Unprivileged User 1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined' 1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default 1828868 - Add keep alive option in Receptor node 1829487 - Ansible verbosity level does not work 1829766 - undefined method <code>tr' for nil:NilClass when trying to get a new DHCP lease from infoblox 1830253 - Default job templates are not locked 1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time 1830834 - Unable to update default value of a smart class parameter (Sql query error). 
1830860 - Refactor loading regions based on subscription dynamically 1830882 - Red Hat Satellite brand icon is missing 1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo 1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks 1833031 - Improve RH account ID fetching in cloud connector playbook 1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished) 1833039 - Introduce error code to playbook_run_finished response type 1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option. 1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do 1834377 - Disable mongo FTDC 1834866 - Missing macro for "registered_at" host subscription facet 1834898 - Login Page background got centralized and cropped 1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet 1835241 - Some applicability of the consumers are not recalculated after syncing a repository 1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting 1836155 - Support follow on rails, travis and i18n work for AzureRm plugin 1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer) 1836845 - "Generate at" in report template should be current date 1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue 1838160 - 'Registered hosts' report does not list kernel release for rhsm clients 1838191 - Arrow position is on left rather in the middle under "Start Time" 1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory 1838917 - Repositories are not showing their available Release versions due to a low default db pool size 1838963 - Hypervisors from Satellite, never makes their way to HBI 1838965 - Product name link is not working on the activation keys "Repository Sets" tab. 1839025 - Configure Cloud Connector relies on information which is no longer provided by the API 1839649 - satellite-installer --reset returns a traceback 1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds 1839779 - undefined local variable or method `implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint 1839966 - New version of the plugin is available: 2.0.7 1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . 1840191 - Validate parameters passed by receptor to the receptor-satellite plugin 1840218 - ArgumentError: wrong number of arguments 1840525 - Content host list doesn't update after the successful deletion of content host. 1840635 - Proxy has failed to load one or more features (Realm) 1840723 - Selected scenario is DISABLED, can not continue 1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed" 1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned 1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist." 1841818 - icons missing on /pub download page 1842900 - ERROR! the role 'satellite-receptor' was not found in ... 1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/ 1843406 - In 6.8, Receptor installation playbook's inputs are visible again 1843561 - Report templates duplicated 1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>" 1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8 1843926 - satellite-change-hostname fails when running nsupdate 1844142 - [RFE] Drop a subsription-manager fact with the satellite version 1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP 1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2 1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass 1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1846254 - need to restart services after enabling leapp plugin 1846313 - Add index on locks for resource type and task id 1846317 - undefined method `klass' for nil:NilClass 1846421 - build pxe default do not work when more than 1 provider 1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8 1847019 - Empty applicability for non-modular repos 1847063 - Slow manifest import and/or refresh 1847407 - load_pools macro not in list of macros 1847645 - Allow override of Katello's DISTRIBUTOR_VERSION 1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404 1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. 1848291 - Download kernel/initram for kexec asynchronously 1848535 - Unable to create a pure IPv6 host 1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8) 1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule 1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names 1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead. 1849680 - Task progress decimal precision discrepancy between UI, CLI, and API 1849869 - Unable to recycle the dynflow executor 1850355 - Auth Source Role Filters are not working in Satellite 6.8 1850536 - Can't add RHEV with APIv3 through Hammer 1850914 - Checksum type "sha256" is not available for all units in the repository. 
Make sure those units have been downloaded 1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)" 1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates 1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9 1851167 - Autoattach -> "undefined" subscription added 1851176 - Subscriptions do not provide any repository sets 1851952 - "candlepin_events FAIL Not running" and wont restart 1852371 - Allow http proxy ports by default 1852723 - Broken link for documentation on installation media page 1852733 - Inventory upload documentation redirects to default location 1852735 - New version of the plugin is available: 2.0.8 1853076 - large capsule syncs cause slow processing of dynflow tasks/steps 1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided" 1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7 1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh 1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views 1853572 - Broken documentation link for 'RHV' in Compute Resource 1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode. 1854397 - Compliance reports are not being uploaded to satellite. 1854530 - PG::NotNullViolation when syncing hosts from cloud 1855008 - Host parameters are set after the host is created. 1855254 - Links to documentation broken in HTTP Proxies setup 1855348 - katello_applicability accidentally set to true at install 1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME' 1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. 
1856379 - Add missing VM creation tests 1856401 - [RFE] Add module to create HTTP Proxy 1856831 - New version of the plugin is available: 2.0.9 1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host 1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500 1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos 1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos 1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method `default_capsule' for Katello:Module" 1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError 1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. 1857726 - Warnings are shown during the satellite package installation on RHEL 7.9 1858237 - Upgraded Satellite has duplicated katello_pools indexes 1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user 1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite 1858855 - Creating compute resources on IPV6 network does not fail gracefully 1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf 1859194 - load_hosts macro duplicated in a list of macros 1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation 1859929 - User can perform other manifest actions while the first one starts 1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass' 1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed 1860422 - Host with remediations can't be removed 1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'... 1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service 1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error. 1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8 1860587 - Documentation link in Administer -> About pointing to 6.6 document. 1860835 - Installed Packages not displayed on About page 1860957 - Unable to select an organization for sync management 1861367 - Import Template sync never completes 1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required 1861422 - Error encountered while handling the response, replying with an error message ('plugin_config') 1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. 1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request 1861766 - Add ability to list traces by host with hammer 1861807 - Cancel/Abort button should be disabled once REX job is finish 1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer 1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
1861890 - Recommended repos do not match Satellite version 1861970 - Content -> Product doesn't work when no organization is selected 1862135 - updating hosts policy using bulk action fails with sql error 1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. 1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6 1865871 - Obfuscated hosts do not have domain reported 1865872 - Templates doc - examples on onepage.html are not processed 1865874 - Add inventory status to host 1865876 - Make recommendations count in hosts index a link 1865879 - Add automatic scheduler for insights sync 1865880 - Add an explanation how to enable insights sync 1865928 - Templates documentation help page has hard-coded Satellite setting value 1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently 1866029 - Templates DSL documentation: Parts of description are put in <pre> tag 1866436 - host search filter does not work in job invocation page 1866461 - Run action is missing in job templates page 1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page 1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer 1866710 - Wrong API endpoint path referenced for resolving host traces 1867239 - hammer content-view version incremental-update fails with ISE 1867287 - Error Row was updated or deleted by another transaction when deleting docker repository 1867311 - Upgrade fails when checkpoint_segments postgres parameter configured 1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite 1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank" 1868183 - Unable to change virt-who hypervisor location. 
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf 1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation. 1869812 - Tasks fail to complete under load 1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow 1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found) 1871434 - theme css ".container" class rule is too generic 1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. 1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout 1871978 - Bug in provisioning_template Module 1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console" 1872041 - Host search returns incorrect result 1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result 1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover 1874143 - Red Hat Inventory Uploads does not use proxy 1874160 - Changing Content View of a Content Host needs to better inform the user around client needs 1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception' 1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file 1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts) 1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow 1874176 - Unable to search by value of certain Hostgroup parameter 1874422 - Hits Sync uses only old proxy setting 1874619 - Hostgroup tag is never reported in slice 1875357 - After upgrade server response check failed for candlepin. 
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url` 1875660 - Reporting Template macros host_cores is not working as expected 1875667 - Audit page list incorrect search filter 1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only 1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding 1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries 1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv 1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv 1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv 1878194 - In Capsule upgrade, "yum update" dump some error messages. 1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled 1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections 1878850 - creating host from hg doesn't resolves the user-data template 1879151 - Remote execution status not updating with large number of hosts 1879448 - Add hits details to host details page 1879451 - Stop uploading if Satellite's setting is disconnected 1879453 - Add plugin version to report metadata 1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP 1880637 - [6.8] satellite-installer always runs upgrade steps 1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject> 1881078 - Use Passenger instead of Puma as the Foreman application server 1881988 - [RFE] IPv6 support for Satellite 6.8 1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}'' 1882389 - Search query in
template for LEAPP upgrade should be pre-filled when running from pre-upgrade results 1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)" 1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available" 1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals 1887489 - Insights rules can't be loaded on freshly installed Satellite system 1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Satellite Capsule 6.8:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm 
pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm 
rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm 
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm 
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm 
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm 
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm 
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm 
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>Red Hat Satellite 6.7:</p> <p>Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm 
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm 
python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm 
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm 
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm 
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm 
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm 
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm 
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm 
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm</p> <p>noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm 
katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm 
python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm 
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm 
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm 
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm 
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm 
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm 
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm</p> <p>x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm 
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm 
python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm 
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . </p> <p>NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)</p> </li> <li> <p>jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 18.0</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202004-0345" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a>
<div class="collapse" id="collapseJsonvar-202004-0345"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202004-0345">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0345", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"13.3.0.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", 
"trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11619" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": 
"7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11619" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" }, { "db": "CNNVD", "id": "CNNVD-202004-387" } ], "trust": 1.4 }, "cve": "CVE-2020-11619", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": 
"PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-164215", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-11619", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11619", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202004-387", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164215", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-11619", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-164215" }, 
{ "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "CNNVD", "id": "CNNVD-202004-387" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. FasterXML jackson-databind has a code issue vulnerability. An attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Description:\n\nThis release of Red Hat build of Thorntail 2.5.1 includes security updates,\nbug fixes, and enhancements. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. You must be logged in to download the update. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs\n1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates\n1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation\n1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass\n1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and \u0027Deployer\u0027 user by default\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 
thrift: Endless loop when feed with specific input data\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments\n1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: 
Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. 
Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does 
not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. 
\n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http 
request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. 
\n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. 
\n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. 
\n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. 
\n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. 
\n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. 
\n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t 
generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. 
\n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. 
\n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should 
not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. 
\n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. 
\n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). 
\n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. 
\n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. 
\n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s 
DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. 
Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. 
\n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. 
\n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. 
\n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. 
\n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After 
upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. 
\n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. 
Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\
npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.s
rc.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dh
cp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\np
ulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.n
oarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7s
at.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sa
t.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridf
s-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1
.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.
0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql
12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0
.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\nt
fm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_c
li_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntf
m-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sa
t.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat
.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-col
lection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarc
h.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npytho
n2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7s
at.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7s
at.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\nt
fm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.r
pm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_az
ure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer
-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_prox
y_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\n
livecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-de
vel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg
-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop\n(CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n(CVE-2020-11620)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n6. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 18.0", "sources": [ { "db": "NVD", "id": "CVE-2020-11619" }, { "db": "VULHUB", "id": "VHN-164215" }, { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11619", "trust": 2.6 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "157834", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "160601", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158095", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4471", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2071", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1857", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48396", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202004-387", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-28475", "trust": 0.1 }, { "db": 
"VULHUB", "id": "VHN-164215", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-11619", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164215" }, { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" }, { "db": "CNNVD", "id": "CNNVD-202004-387" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "id": "VAR-202004-0345", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-164215" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:17:07.679000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115606" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202320 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update", "trust": 
0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202565 - security advisory" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-130" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 
0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "CNNVD", "id": "CNNVD-202004-387" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164215" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200511-0004/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2680" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": 
"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2071/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157834/red-hat-security-advisory-2020-2320-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1857/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-spring-aop-methodlocatingfactorybean-serialization-gadgets-typing-32066" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48396" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.5, "url": 
"https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": 
"https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:2320" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" 
}, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": 
"https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4366" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-12781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14380" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5625" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2020:1414" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805" } ], "sources": [ { "db": "VULHUB", "id": "VHN-164215" }, { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" }, { "db": "CNNVD", "id": "CNNVD-202004-387" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-164215" }, { "db": "VULMON", "id": "CVE-2020-11619" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": 
"PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "159724" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "157834" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "158095" }, { "db": "CNNVD", "id": "CNNVD-202004-387" }, { "db": "NVD", "id": "CVE-2020-11619" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-07T00:00:00", "db": "VULHUB", "id": "VHN-164215" }, { "date": "2020-04-07T00:00:00", "db": "VULMON", "id": "CVE-2020-11619" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-10-27T16:58:42", "db": "PACKETSTORM", "id": "159724" }, { "date": "2020-12-17T18:09:37", "db": "PACKETSTORM", "id": "160601" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-05-26T20:50:36", "db": "PACKETSTORM", "id": "157834" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-06-16T00:54:44", "db": "PACKETSTORM", "id": "158095" }, { "date": "2020-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-387" }, { "date": "2020-04-07T23:15:12.077000", "db": "NVD", "id": "CVE-2020-11619" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-22T00:00:00", "db": "VULHUB", "id": "VHN-164215" }, { "date": "2021-02-22T00:00:00", "db": "VULMON", "id": "CVE-2020-11619" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-387" }, { "date": "2023-11-07T03:15:00.010000", "db": "NVD", "id": "CVE-2020-11619" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159724" }, { "db": "CNNVD", "id": "CNNVD-202004-387" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-387" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-387" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202004-2191">var-202004-2191</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies interaction between HTML and JavaScript, and is modular and extensible through plug-ins. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code. 
Solution:</p> <p>For information on upgrading Ansible Tower, refer to the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html</p> <p>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:3247-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3247 Issue date: 2020-08-04 CVE Names: CVE-2017-18635 CVE-2019-8331 CVE-2019-10086 CVE-2019-13990 CVE-2019-17195 CVE-2019-19336 CVE-2020-7598 CVE-2020-10775 CVE-2020-11022 CVE-2020-11023 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. 
</p> <p>The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API). </p> <p>A list of bugs fixed in this update is available in the Technical Notes book:</p> <p>https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes</p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>libquartz: XXE attacks via job description (CVE-2019-13990)</p> </li> <li> <p>novnc: XSS vulnerability via the messages propagated to the status field (CVE-2017-18635)</p> </li> <li> <p>bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)</p> </li> <li> <p>nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)</p> </li> <li> <p>ovirt-engine: response_type parameter allows reflected XSS (CVE-2019-19336)</p> </li> <li> <p>nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or <code>__proto__</code> payload (CVE-2020-7598)</p> </li> <li> <p>ovirt-engine: Redirect to arbitrary URL allows for phishing (CVE-2020-10775)</p> </li> <li> <p>jquery: Cross-site scripting due to improper handling in the jQuery.htmlPrefilter method (CVE-2020-11022)</p> </li> <li> <p>jQuery: passing HTML containing <code>&lt;option&gt;</code> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
</p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. </p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/2974891</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1080097 - [RFE] Allow editing disks details in the Disks tab 1325468 - [RFE] Autostart of VMs that are down (with Engine assistance - Engine has to be up) 1358501 - [RFE] multihost network change - notify when done 1427717 - [RFE] Create and/or select affinity group upon VM creation. 1475774 - RHV-M requesting four GetDeviceListVDSCommand when editing storage domain 1507438 - not able to deploy new rhvh host when "/tmp" is mounted with "noexec" option 1523835 - Hosted-Engine: memory hotplug does not work for engine vm 1527843 - [Tracker] Q35 chipset support (with seabios) 1529042 - [RFE] Changing of Cluster CPU Type does not trigger config update notification 1535796 - Undeployment of HE is not graceful 1546838 - [RFE] Refuse to deploy on localhost.localdomain 1547937 - [RFE] Live Storage Migration progress bar. 1585986 - [HE] When lowering the cluster compatibility, we need to force update the HE storage OVF store to ensure it can start up (migration will not work). 1593800 - [RFE] forbid new mac pools with overlapping ranges 1596178 - inconsistent display between automatic and manual Pool Type 1600059 - [RFE] Add by default a storage lease to HA VMs 1610212 - After updating to RHV 4.1 while trying to edit the disk, getting error "Cannot edit Virtual Disk. Cannot edit Virtual Disk. Disk extension combined with disk compat version update isn't supported. Please perform the updates separately." 
1611395 - Unable to list Compute Templates in RHV 4.2 from Satellite 6.3.2 1616451 - [UI] add a tooltip to explain the supported matrix for the combination of disk allocation policies, formats and the combination result 1637172 - Live Merge hung in the volume deletion phase, leaving snapshot in a LOCKED state 1640908 - Javascript Error popup when Managing StorageDomain with LUNs and 400+ paths 1642273 - [UI] - left nav border highlight missing in RHV 1647440 - [RFE][UI] Provide information about the VM next run 1648345 - Jobs are not properly cleaned after a failed task. 1650417 - HA is broken for VMs having disks in NFS storage domain because of Qemu OFD locking 1650505 - Increase of ClusterCompatibilityVersion to Cluster with virtual machines with outstanding configuration changes, those changes will be reverted 1651406 - [RFE] Allow Maintenance of Host with Enforcing VM Affinity Rules (hard affinity) 1651939 - a new size of the direct LUN not updated in Admin Portal 1654069 - [Downstream Clone] [UI] - grids bottom scrollbar hides bottom row 1654889 - [RFE] Support console VNC for mediated devices 1656621 - Importing VM OVA always enables 'Cloud-Init/Sysprep' 1658101 - [RESTAPI] Adding ISO disables serial console 1659161 - Unable to edit pool that is delete protected 1660071 - Regression in Migration of VM that starts in pause mode: took 11 hours 1660644 - Concurrent LSMs of the same disk can be issued via the REST-API 1663366 - USB selection option disabled even though USB support is enabled in RHV-4.2 1664479 - Third VM fails to get migrated when host is placed into maintenance mode 1666913 - [UI] warn users about different "Vdsm Name" when creating network with a fancy char or long name 1670102 - [CinderLib] - openstack-cinder and cinderlib packages are not installed on ovirt-engine machine 1671876 - "Bond Active Slave" parameter on RHV-M GUI shows an incorrect until Refresh Caps 1679039 - Unable to upload image through Storage->Domain->Disk because of wrong 
DC 1679110 - [RFE] change Admin Portal toast notifications location 1679471 - [ja, de, es, fr, pt_BR] The console client resources page shows truncated title for some locales 1679730 - Warn about host IP addresses outside range 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1686650 - Memory snapshots' deletion logging unnecessary WARNINGS in engine.log 1687345 - Snapshot with memory volumes can fail if the memory dump takes more than 180 seconds 1690026 - [RFE] - Creating an NFS storage domain the engine should let the user specify exact NFS version v4.0 and not just v4 1690155 - Disk migration progress bar not clearly visible and unusable. 1690475 - When a live storage migration fails, the auto generated snapshot does not get removed 1691562 - Cluster level changes are not increasing VMs generation numbers and so a new OVF_STORE content is not copied to the shared storage 1692592 - "Enable menu to select boot device shows 10 device listed with cdrom at 10th slot but when selecting 10 option the VM took 1 as option and boot with disk 1693628 - Engine generates too many updates to vm_dynamic table due to the session change 1693813 - Do not change DC level if there are VMs running/paused with older CL. 1695026 - Failure in creating snapshots during "Live Storage Migration" can result in a nonexistent snapshot 1695635 - [RFE] Improve Host Drop-down menu in different Dialogs (i.e. 
Alphabetical sort of Hosts in Remove|New StorageDomains) 1696245 - [RFE] Allow full customization while cloning a VM 1696669 - Build bouncycastle for RHV 4.4 RHEL 8 1696676 - Build ebay-cors-filter for RHV 4.4 RHEL 8 1698009 - Build openstack-java-sdk for RHV 4.4 RHEL 8 1698102 - Print a warning message to engine-setup, which highlights that other clusters than the Default one are not modified to use ovirt-provider-ovn as the default network provider 1700021 - [RFE] engine-setup should warn and prompt if ca.pem is missing but other generated pki files exist 1700036 - [RFE] Add RedFish API for host power management for RHEV 1700319 - VM is going to pause state with "storage I/O error". 1700338 - [RFE] Alternate method to configure the email Event Notifier for a user in RHV through API (instead of RHV GUI) 1700725 - [scale] RHV-M runs out of memory due to to much data reported by the guest agent 1700867 - Build makeself for RHV 4.4 RHEL 8 1701476 - Build unboundid-ldapsdk for RHV 4.4 RHEL 8 1701491 - Build RHV-M 4.4 - RHEL 8 1701522 - Build ovirt-imageio-proxy for RHV 4.4 / RHEL 8 1701528 - Build / Tag python-ovsdbapp for RHV 4.4 RHEL 8 1701530 - Build / Tag ovirt-cockpit-sso for RHV 4.4 RHEL 8 1701531 - Build / Tag ovirt-engine-api-explorer for RHV 4.4 RHEL 8 1701533 - Build / Tag ovirt-engine-dwh for RHV 4.4 / RHEL 8 1701538 - Build / Tag vdsm-jsonrpc-java for RHV 4.4 RHEL 8 1701544 - Build rhvm-dependencies for RHV 4.4 RHEL 8 1702310 - Build / Tag ovirt-engine-ui-extensions for RHV 4.4 RHEL 8 1702312 - Build ovirt-log-collector for RHV 4.4 RHEL 8 1703112 - PCI address of NICs are not stored in the database after a hotplug of passthrough NIC resulting in change of network device name in VM after a reboot 1703428 - VMs migrated from KVM to RHV show warning 'The latest guest agent needs to be installed and running on the guest' 1707225 - [cinderlib] Cinderlib DB is missing a backup and restore option 1708624 - Build rhvm-setup-plugins for RHV 4.4 - RHEL 8 1710491 - 
No EVENT_ID is generated in /var/log/ovirt-engine/engine.log when VM is rebooted from OS level itself. 1711006 - Metrics installation fails during the execution of playbook ovirt-metrics-store-installation if the environment is not having DHCP 1712255 - Drop 4.1 datacenter/cluster level 1712746 - [RFE] Ignition support for ovirt vms 1712890 - engine-setup should check for snapshots in unsupported CL 1714528 - Missing IDs on cluster upgrade buttons 1714633 - Using more than one asterisk in the search string is not working when searching for users. 1714834 - Cannot disable SCSI passthrough using API 1715725 - Sending credentials in query string logs them in ovirt-request-logs 1716590 - [RFE][UX] Make Cluster-wide "Custom serial number policy" value visible at VM level 1718818 - [RFE] Enhance local disk passthrough 1720686 - Tag ovirt-scheduler-proxy for RHV 4.4 RHEL 8 1720694 - Build ovirt-engine-extension-aaa-jdbc for RHV 4.4 RHEL 8 1720795 - New guest tools are available mark in case of guest tool located on Data Domain 1724959 - RHV recommends reporting issues to GitHub rather than access.redhat.com (ovirt->RHV rebrand glitch?) 1727025 - NPE in DestroyImage endAction during live merge leaving a task in DB for hours causing operations depending on host clean tasks to fail as Deactivate host/StopSPM/deactivate SD 1728472 - Engine reports network out of sync due to ipv6 default gateway via ND RA on a non default route network. 1729511 - engine-setup fails to upgrade to 4.3 with Unicode characters in CA subject 1729811 - [scale] updatevmdynamic broken if too many users logged in - psql ERROR: value too long for type character varying(255) 1730264 - VMs will fail to start if the vnic profile attached is having port mirroring enabled and have name greater than 15 characters 1730436 - Snapshot creation was successful, but snapshot remains locked 1731212 - RHV 4.4 landing page does not show login or allow scrolling. 
1731590 - Cannot preview snapshot, it fails and VM remains locked. 1733031 - [RFE] Add warning when importing data domains to newer DC that may trigger SD format upgrade 1733529 - Consume python-ovsdbapp dependencies from OSP in RHEL 8 RHV 4.4 1733843 - Export to OVA fails if VM is running on the Host doing the export 1734839 - Unable to start guests in our Power9 cluster without running in headless mode. 1737234 - Attach a non-existent ISO to vm by the API return 201 and marks the Attach CD checkbox as ON 1737684 - Engine deletes the leaf volume when SnapshotVDSCommand timed out without checking if the volume is still used by the VM 1740978 - [RFE] Warn or Block importing VMs/Templates from unsupported compatibility levels. 1741102 - host activation causes RHHI nodes to lose the quorum 1741271 - Move/Copy disk are blocked if there is less space in source SD than the size of the disk 1741625 - VM fails to be re-started with error: Failed to acquire lock: No space left on device 1743690 - Commit and Undo buttons active when no snapshot selected 1744557 - RHV 4.3 throws an exception when trying to access VMs which have snapshots from unsupported compatibility levels 1745384 - [IPv6 Static] Engine should allow updating network's static ipv6gateway 1745504 - Tag rhv-log-collector-analyzer for RHV 4.4 RHEL 8 1746272 - [BREW BUILD ENABLER] Build the oVirt Ansible roles for RHV 4.4.0 1746430 - [Rebase] Rebase v2v-conversion-host for RHV 4.4 Engine 1746877 - [Metrics] Rebase bug - for the 4.4 release on EL8 1747772 - Extra white space at the top of webadmin dialogs 1749284 - Change the Snapshot operation to be asynchronous 1749944 - teardownImage attempts to deactivate in-use LV's rendering the VM disk image/volumes in locked state. 
1750212 - MERGE_STATUS fails with 'Invalid UUID string: mapper' when Direct LUN that already exists is hot-plugged 1750348 - [Tracking] rhvm-branding-rhv for RHV 4.4 1750357 - [Tracking] ovirt-web-ui for RHV 4.4 1750371 - [Tracking] ovirt-engine-ui-extensions for RHV 4.4 1750482 - From VM Portal, users cannot create Operating System Windows VM. 1751215 - Unable to change Graphical Console of HE VM. 1751268 - add links to Insights to landing page 1751423 - Improve description of shared memory statistics and remove unimplemented memory metrics from API 1752890 - Build / Tag ovirt-engine-extension-aaa-ldap for RHV 4.4 RHEL 8 1752995 - [RFE] Need to be able to set default console option 1753629 - Build / Tag ovirt-engine-extension-aaa-misc for RHV 4.4 RHEL 8 1753661 - Build / Tag ovirt-engine-extension-logger-log4j got RHV 4.4 / RHEl 8 1753664 - Build ovirt-fast-forward-upgrade for RHV 4.4 /RHEL 8 support 1754363 - [Scale] Engine generates excessive amount of dns configuration related sql queries 1754490 - RHV Manager cannot start on EAP 7.2.4 1755412 - Setting "oreg_url: registry.redhat.io" fails with error 1758048 - clone(as thin) VM from template or create snapshot fails with 'Requested capacity 1073741824 < parent capacity 3221225472 (volume:1211)' 1758289 - [Warn] Duplicate chassis entries in southbound database if the host is down while removing the host from Manager 1762281 - Import of OVA created from template fails with java.lang.NullPointerException 1763992 - [RFE] Show "Open Console" as the main option in the VM actions menu 1764289 - Document details how each fence agent can be configured in RESTAPI 1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT 1764932 - [BREW BUILD ENABLER] Build the ansible-runner-service for RHV 4.4 1764943 - Create Snapshot does not proceed beyond CreateVolume 1764959 - Apache is configured to offer TRACE method (security) 1765660 - CVE-2017-18635 novnc: XSS vulnerability via the messages propagated 
to the status field 1767319 - [RFE] forbid updating mac pool that contains ranges overlapping with any mac range in the system 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1768707 - Cannot set or update iscsi portal group tag when editing storage connection via API 1768844 - RHEL Advanced virtualization module streams support 1769463 - [Scale] Slow performance for api/clusters when many networks devices are present 1770237 - Cannot assign a vNIC profile for VM instance profile. 1771793 - VM Portal crashes in what appears to be a permission related problem. 1773313 - RHV Metric store installation fails with error: "You need to install \"jmespath\" prior to running json_query filter" 1777954 - VM Templates greater then 101 quantity are not listed/reported in RHV-M Webadmin UI. 1779580 - drop rhvm-doc package 1781001 - CVE-2019-19336 ovirt-engine: response_type parameter allows reflected XSS 1782236 - Windows Update (the drivers) enablement 1782279 - Warning message for low space is not received on Imported Storage domain 1782882 - qemu-kvm: kvm_init_vcpu failed: Function not implemented 1784049 - Rhel6 guest with cluster default q35 chipset causes kernel panic 1784385 - Still requiring rhvm-doc in rhvm-setup-plugins 1785750 - [RFE] Ability to change default VM action (Suspend) in the VM Portal. 1788424 - Importing a VM having direct LUN attached using virtio driver is failing with error "VirtIO-SCSI is disabled for the VM" 1796809 - Build apache-sshd for RHV 4.4 RHEL 8 1796811 - Remove bundled apache-sshd library 1796815 - Build snmp4j for RHV 4.4 RHEL 8 1796817 - Remove bundled snmp4j library 1797316 - Snapshot creation from VM fails on second snapshot and afterwords 1797500 - Add disk operation failed to complete. 
1798114 - Build apache-commons-digester for RHV 4.4 RHEL 8 1798117 - Build apache-commons-configuration for RHV 4.4 RHEL 8 1798120 - Build apache-commons-jexl for RHV 4.4 RHEL 8 1798127 - Build apache-commons-collections4 for RHV 4.4 RHEL 8 1798137 - Build apache-commons-vfs for RHV 4.4 RHEL 8 1799171 - Build ws-commons-util for RHV 4.4 RHEL 8 1799204 - Build xmlrpc for RHV 4.4 RHEL 8 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801709 - Disable activation of the host while Enroll certificate flow is still in progress 1803597 - rhv-image-discrepancies should skip storage domains in maintenance mode and ISO/Export 1805669 - change requirement on rhvm package from spice-client-msi to spice-client-win 1806276 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine 1807047 - Build m2crypto for RHV 4.4 RHEL 8 1807860 - [RFE] Allow resource allocation options to be customized 1808096 - Uploading ISOs causes "Uncaught exception occurred. Please try reloading the page. Details: (TypeError) : a.n is null" 1808126 - host_service.install() does not work with deploy_hosted_engine as True. 1809040 - [CNV&RHV] let the user know that token is not valid anymore 1809052 - [CNV&RHV] ovirt-engine log file spammed by failed timers ( approx 3-5 messages/sec ) 1809875 - rhv-image-discrepancies only compares images on the last DC 1809877 - rhv-image-discrepancies sends dump-volume-chains with parameter that is ignored 1810893 - mountOptions is ignored for "import storage domain" from GUI 1811865 - [Scale] Host Monitoring generates excessive amount of qos related sql queries 1811869 - [Scale] Webadmin\REST for host interface list response time is too long because of excessive amount of qos related sql queries 1812875 - Unable to create VMs when french Language is selected for the rhvm gui. 
1813305 - Engine updating SLA policies of VMs continuously in an environment which is not having any QOS configured 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or <strong>proto</strong> payload 1814197 - [CNV&RHV] when provider is remover DC is left behind and active 1814215 - [CNV&RHV] Adding new provider to engine fails after succesfull test 1816017 - Build log4j12 for RHV 4.4 EL8 1816643 - [CNV&RHV] VM created in CNV not visible in RHV 1816654 - [CNV&RHV] adding provider with already created vm failed 1816693 - [CNV&RHV] CNV VM failed to restart even if 1st dialog looks fine 1816739 - [CNV&RHV] CNV VM updated form CNV side doesn't update vm properties over on RHV side 1817467 - [Tracking] Migration path between RHV 4.3 and 4.4 1818745 - rhv-log-collector-analyzer 0.2.17 still requires pyhton2 1819201 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update 1819248 - Cannot upgrade host after engine setup 1819514 - Failed to register 4.4 host to the latest engine (4.4.0-0.29.master.el8ev) 1819960 - NPE on ImportVmTemplateFromConfigurationCommand when creating VM from ovf_data 1820621 - Build apache-commons-compress for RHV 4.4 EL8 1820638 - Build apache-commons-jxpath for RHV 4.4 EL8 1821164 - Failed snapshot creation can cause data corruption of other VMs 1821930 - Enable only TLSv1.2+ protocol for SPICE on EL7 hosts 1824095 - VM portal shows only error 1825793 - RHV branding is missing after upgrade from 4.3 1826248 - [4.4][ovirt-cockpit-sso] Compatibility issues with python3 1826437 - The console client resources page return HTTP code 500 1826801 - [CNV&RHV] update of memory on cnv side does not propagate to rhv 1826855 - [cnv&rhv] update of cpu on cnv side causing expetion in engine.log 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1828669 - After SPM select the engine lost communication to all hosts 
until restarted [improved logging] 1828736 - [CNV&RHV] cnv template is not propagated to rhv 1829189 - engine-setup httpd ssl configuration conflicts with Red Hat Insights 1829656 - Failed to register 4.3 host to 4.4 engine with 4.3 cluster (4.4.0-0.33.master.el8ev) 1829830 - vhost custom properties does not accept '-' 1832161 - rhv-log-collector-analyzer fails with UnicodeDecodeError on RHEL8 1834523 - Edit VM -> Enable Smartcard sharing does not stick when VM is running 1838493 - Live snapshot made with freeze in the engine will cause the FS to be frozen 1841495 - Upgrade openstack-java-sdk to 3.2.9 1842495 - high cpu usage after entering wrong search pattern in RHVM 1844270 - [vGPU] nodisplay option for mdev broken since mdev scheduling unit 1844855 - Missing images (favicon.ico, banner logo) and missing brand.css file on VM portal d/s installation 1845473 - Exporting an OVA file from a VM results in its ovf file having a format of RAW when the disk is COW 1847420 - CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing 1850004 - CVE-2020-11023 jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1853444 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update (July-2020) 1854563 - [4.4 downstream only][RFE] Include a link to grafana on front page</p> <ol> <li>Package List:</li> </ol> <p>RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:</p> <p>Source: ansible-runner-1.4.5-1.el8ar.src.rpm ansible-runner-service-1.0.2-1.el8ev.src.rpm apache-commons-collections4-4.4-1.el8ev.src.rpm apache-commons-compress-1.18-1.el8ev.src.rpm apache-commons-configuration-1.10-1.el8ev.src.rpm apache-commons-jexl-2.1.1-1.el8ev.src.rpm apache-commons-jxpath-1.3-29.el8ev.src.rpm apache-commons-vfs-2.4.1-1.el8ev.src.rpm apache-sshd-2.5.1-1.el8ev.src.rpm ebay-cors-filter-1.0.1-4.el8ev.src.rpm ed25519-java-0.3.0-1.el8ev.src.rpm engine-db-query-1.6.1-1.el8ev.src.rpm 
java-client-kubevirt-0.5.0-1.el8ev.src.rpm log4j12-1.2.17-22.el8ev.src.rpm m2crypto-0.35.2-5.el8ev.src.rpm makeself-2.4.0-4.el8ev.src.rpm novnc-1.1.0-1.el8ost.src.rpm openstack-java-sdk-3.2.9-1.el8ev.src.rpm ovirt-cockpit-sso-0.1.4-1.el8ev.src.rpm ovirt-engine-4.4.1.8-0.7.el8ev.src.rpm ovirt-engine-api-explorer-0.0.6-1.el8ev.src.rpm ovirt-engine-dwh-4.4.1.2-1.el8ev.src.rpm ovirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.src.rpm ovirt-engine-extension-aaa-misc-1.1.0-1.el8ev.src.rpm ovirt-engine-extension-logger-log4j-1.1.0-1.el8ev.src.rpm ovirt-engine-extensions-api-1.0.1-1.el8ev.src.rpm ovirt-engine-metrics-1.4.1.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.2-1.el8ev.src.rpm ovirt-fast-forward-upgrade-1.1.6-0.el8ev.src.rpm ovirt-log-collector-4.4.2-1.el8ev.src.rpm ovirt-scheduler-proxy-0.1.9-1.el8ev.src.rpm ovirt-web-ui-1.6.3-1.el8ev.src.rpm python-aniso8601-0.82-4.el8ost.src.rpm python-flask-1.0.2-2.el8ost.src.rpm python-flask-restful-0.3.6-8.el8ost.src.rpm python-netaddr-0.7.19-8.1.el8ost.src.rpm python-notario-0.0.16-2.el8cp.src.rpm python-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.src.rpm python-pbr-5.1.2-2.el8ost.src.rpm python-six-1.12.0-1.el8ost.src.rpm python-websocket-client-0.54.0-1.el8ost.src.rpm python-werkzeug-0.16.0-1.el8ost.src.rpm rhv-log-collector-analyzer-1.0.2-1.el8ev.src.rpm rhvm-branding-rhv-4.4.4-1.el8ev.src.rpm rhvm-dependencies-4.4.0-1.el8ev.src.rpm rhvm-setup-plugins-4.4.2-1.el8ev.src.rpm snmp4j-2.4.1-1.el8ev.src.rpm unboundid-ldapsdk-4.0.14-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.4-1.el8ev.src.rpm ws-commons-util-1.0.2-1.el8ev.src.rpm xmlrpc-3.1.3-1.el8ev.src.rpm</p> <p>noarch: ansible-runner-1.4.5-1.el8ar.noarch.rpm ansible-runner-service-1.0.2-1.el8ev.noarch.rpm apache-commons-collections4-4.4-1.el8ev.noarch.rpm apache-commons-collections4-javadoc-4.4-1.el8ev.noarch.rpm apache-commons-compress-1.18-1.el8ev.noarch.rpm apache-commons-compress-javadoc-1.18-1.el8ev.noarch.rpm 
apache-commons-configuration-1.10-1.el8ev.noarch.rpm apache-commons-jexl-2.1.1-1.el8ev.noarch.rpm apache-commons-jexl-javadoc-2.1.1-1.el8ev.noarch.rpm apache-commons-jxpath-1.3-29.el8ev.noarch.rpm apache-commons-jxpath-javadoc-1.3-29.el8ev.noarch.rpm apache-commons-vfs-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-ant-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-examples-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-javadoc-2.4.1-1.el8ev.noarch.rpm apache-sshd-2.5.1-1.el8ev.noarch.rpm apache-sshd-javadoc-2.5.1-1.el8ev.noarch.rpm ebay-cors-filter-1.0.1-4.el8ev.noarch.rpm ed25519-java-0.3.0-1.el8ev.noarch.rpm ed25519-java-javadoc-0.3.0-1.el8ev.noarch.rpm engine-db-query-1.6.1-1.el8ev.noarch.rpm java-client-kubevirt-0.5.0-1.el8ev.noarch.rpm log4j12-1.2.17-22.el8ev.noarch.rpm log4j12-javadoc-1.2.17-22.el8ev.noarch.rpm makeself-2.4.0-4.el8ev.noarch.rpm novnc-1.1.0-1.el8ost.noarch.rpm openstack-java-ceilometer-client-3.2.9-1.el8ev.noarch.rpm openstack-java-ceilometer-model-3.2.9-1.el8ev.noarch.rpm openstack-java-cinder-client-3.2.9-1.el8ev.noarch.rpm openstack-java-cinder-model-3.2.9-1.el8ev.noarch.rpm openstack-java-client-3.2.9-1.el8ev.noarch.rpm openstack-java-glance-client-3.2.9-1.el8ev.noarch.rpm openstack-java-glance-model-3.2.9-1.el8ev.noarch.rpm openstack-java-heat-client-3.2.9-1.el8ev.noarch.rpm openstack-java-heat-model-3.2.9-1.el8ev.noarch.rpm openstack-java-javadoc-3.2.9-1.el8ev.noarch.rpm openstack-java-keystone-client-3.2.9-1.el8ev.noarch.rpm openstack-java-keystone-model-3.2.9-1.el8ev.noarch.rpm openstack-java-nova-client-3.2.9-1.el8ev.noarch.rpm openstack-java-nova-model-3.2.9-1.el8ev.noarch.rpm openstack-java-quantum-client-3.2.9-1.el8ev.noarch.rpm openstack-java-quantum-model-3.2.9-1.el8ev.noarch.rpm openstack-java-resteasy-connector-3.2.9-1.el8ev.noarch.rpm openstack-java-swift-client-3.2.9-1.el8ev.noarch.rpm openstack-java-swift-model-3.2.9-1.el8ev.noarch.rpm ovirt-cockpit-sso-0.1.4-1.el8ev.noarch.rpm ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm 
ovirt-engine-api-explorer-0.0.6-1.el8ev.noarch.rpm ovirt-engine-backend-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-dwh-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-misc-1.1.0-1.el8ev.noarch.rpm ovirt-engine-extension-logger-log4j-1.1.0-1.el8ev.noarch.rpm ovirt-engine-extensions-api-1.0.1-1.el8ev.noarch.rpm ovirt-engine-extensions-api-javadoc-1.0.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-metrics-1.4.1.1-1.el8ev.noarch.rpm ovirt-engine-restapi-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-tools-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.2-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-fast-forward-upgrade-1.1.6-0.el8ev.noarch.rpm ovirt-log-collector-4.4.2-1.el8ev.noarch.rpm ovirt-scheduler-proxy-0.1.9-1.el8ev.noarch.rpm ovirt-web-ui-1.6.3-1.el8ev.noarch.rpm python-flask-doc-1.0.2-2.el8ost.noarch.rpm 
python2-netaddr-0.7.19-8.1.el8ost.noarch.rpm python2-pbr-5.1.2-2.el8ost.noarch.rpm python2-six-1.12.0-1.el8ost.noarch.rpm python3-aniso8601-0.82-4.el8ost.noarch.rpm python3-ansible-runner-1.4.5-1.el8ar.noarch.rpm python3-flask-1.0.2-2.el8ost.noarch.rpm python3-flask-restful-0.3.6-8.el8ost.noarch.rpm python3-netaddr-0.7.19-8.1.el8ost.noarch.rpm python3-notario-0.0.16-2.el8cp.noarch.rpm python3-ovirt-engine-lib-4.4.1.8-0.7.el8ev.noarch.rpm python3-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.noarch.rpm python3-pbr-5.1.2-2.el8ost.noarch.rpm python3-six-1.12.0-1.el8ost.noarch.rpm python3-websocket-client-0.54.0-1.el8ost.noarch.rpm python3-werkzeug-0.16.0-1.el8ost.noarch.rpm python3-werkzeug-doc-0.16.0-1.el8ost.noarch.rpm rhv-log-collector-analyzer-1.0.2-1.el8ev.noarch.rpm rhvm-4.4.1.8-0.7.el8ev.noarch.rpm rhvm-branding-rhv-4.4.4-1.el8ev.noarch.rpm rhvm-dependencies-4.4.0-1.el8ev.noarch.rpm rhvm-setup-plugins-4.4.2-1.el8ev.noarch.rpm snmp4j-2.4.1-1.el8ev.noarch.rpm snmp4j-javadoc-2.4.1-1.el8ev.noarch.rpm unboundid-ldapsdk-4.0.14-1.el8ev.noarch.rpm unboundid-ldapsdk-javadoc-4.0.14-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.4-1.el8ev.noarch.rpm ws-commons-util-1.0.2-1.el8ev.noarch.rpm ws-commons-util-javadoc-1.0.2-1.el8ev.noarch.rpm xmlrpc-client-3.1.3-1.el8ev.noarch.rpm xmlrpc-common-3.1.3-1.el8ev.noarch.rpm xmlrpc-javadoc-3.1.3-1.el8ev.noarch.rpm xmlrpc-server-3.1.3-1.el8ev.noarch.rpm</p> <p>x86_64: m2crypto-debugsource-0.35.2-5.el8ev.x86_64.rpm python3-m2crypto-0.35.2-5.el8ev.x86_64.rpm python3-m2crypto-debuginfo-0.35.2-5.el8ev.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2017-18635 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-10086 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-17195 https://access.redhat.com/security/cve/CVE-2019-19336 https://access.redhat.com/security/cve/CVE-2020-7598 https://access.redhat.com/security/cve/CVE-2020-10775 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXylir9zjgjWX9erEAQii/A//bJm3u0+ul+LdQwttSJJ79OdVqcp3FktP tdPj8AFbB6F9KkuX9FAQja0/2pgZAldB3Eyz57GYTxyDD1qeMqYSayGHCH01GWAn u8uF90lcSz6YvgEPDh1mWhLYQMfdWT6IUuKOEHldt8TyHbc7dX3xCbsLDzNCxGbl QuPSFPQBJaAXETSw42NGzdUzaM9zoQ0Mngj+Owcgw53YyBy3BSLAb5bKuijvkcLy SVCAxxiQ89E+cnETKYIv4dOfqXGA5wLg68hDmUQyFcXHA9nQbJM9Q0s1fbZ2Wav1 oGGTqJDTgVElxrHB5pYJ6pu484ZgJealkBCrHA2OBsMJUadwitVvQLXFZF5OyN0N f/vtZ1ua4mZADa61qfnlmVRiyISwmPPWIOImA3TIE5Q8Yl5ucCqtDjQPoJAbXsUl Y22Bb5x7JyrN0nyOgwh6BGGK51CmOaP+xNuWD7osI24pnzdmPTZuJrZLePxgPgac WWQNznzvokknva2ofvujAm+DEl+W7W3A8Vs9wkmUWYlaVC7GFLEkcvQjjHahZ7kh dVJNoh70vpA+aJCMQHYK6MGtCSAWoqXkRTsHb3Stfm2vLLz6GYxY5OuvB7Z0ME1N zCiFjBla5+3nKx5ab8Pola56T1wRULHL6zYN9GTsOzxjdJsKHXBVeV8OYcnoHiza 2TrKn2dtZwI= =92Q3 -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:</p> <p>Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. </p> <p>See the following documentation, which will be updated shortly for release 3.11.219, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html</p> <p>This update is available via the Red Hat Network. Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method</p> <ol> <li>You can also manage user accounts for web applications, mobile applications, and RESTful web services. Description:</li> </ol> <p>Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)</p> </li> <li> <p>jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)</p> </li> <li> <p>bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)</p> </li> <li> <p>jquery: Untrusted code execution via &lt;option&gt; tag in HTML passed to DOM manipulation methods (CVE-2020-11023)</p> </li> <li> <p>jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)</p> </li> <li> <p>bootstrap: XSS in the data-target attribute (CVE-2016-10735)</p> </li> <li> <p>bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)</p> </li> <li> <p>sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)</p> </li> <li> <p>woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)</p> </li> <li> <p>bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)</p> </li> <li> <p>bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)</p> </li> <li> <p>nodejs-moment: Regular expression denial of service (CVE-2017-18214)</p> </li> <li> <p>wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)</p> </li> <li> <p>jackson-databind: use of deeply nested arrays (CVE-2022-42004)</p> </li> <li> <p>jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)</p> </li> <li> <p>jettison: parser crash by stackoverflow (CVE-2022-40149)</p> </li> <li> <p>jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)</p> </li> <li> <p>jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)</p> </li> <li> <p>CXF: 
Apache CXF: SSRF Vulnerability (CVE-2022-46364)</p> </li> <li> <p>JIRA issues fixed (https://issues.jboss.org/):</p> </li> </ul> <p>JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001</p> 
<p>7</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202004-2191" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202004-2191"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202004-2191">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, 
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2191", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "insurance data foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6-8.1.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "healthcare foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.2.1" }, { "model": "communications eagle application processor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.1.0" }, { "model": "financial services asset liability management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "financial services loan loss forecasting and provisioning", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "healthcare foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.2.0" }, { "model": "financial services funds transfer pricing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6.0.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "max data", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "policy automation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": 
"12.2.20" }, { "model": "financial services data foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "financial services asset liability management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "financial services data foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "oncommand system manager", "scope": "lte", "trust": 1.0, "vendor": "netapp", "version": "3.1.3" }, { "model": "drupal", "scope": "lt", "trust": 1.0, "vendor": "drupal", "version": "8.8.6" }, { "model": "financial services market risk measurement and management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "communications application session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.8m0" }, { "model": "financial services loan loss forecasting and provisioning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "financial services data integration hub", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "communications diameter signaling router idih\\:", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services funds transfer pricing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking digital experience", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "jquery", "scope": "gte", "trust": 1.0, "vendor": "jquery", "version": "1.2" }, { "model": "hospitality materials control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services institutional performance analytics", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "insurance insbridge rating and underwriting", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6.1.0" }, { "model": "siebel ui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.8" }, { "model": "policy automation for mobile devices", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.20" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "drupal", "scope": "lt", "trust": 1.0, "vendor": "drupal", "version": "7.70" }, { "model": "financial services analytical applications reconciliation framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "jquery", "scope": "lt", "trust": 1.0, "vendor": "jquery", "version": "3.5.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "communications eagle application processor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.4.0" }, { "model": "financial services profitability management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "insurance insbridge rating and underwriting", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.0.0.0" }, { "model": "financial services asset liability management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0.0" }, { "model": "hospitality simphony", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "banking digital experience", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "20.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail customer management and segmentation foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "insurance insbridge rating and underwriting", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.6.0.0" }, { "model": "financial services analytical applications reconciliation framework", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "h410s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services basel regulatory capital basic", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0.0" }, { "model": "financial services hedge management and ifrs valuations", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "blockchain platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "drupal", "scope": "gte", "trust": 1.0, "vendor": "drupal", "version": "8.8.0" }, { "model": "policy automation for mobile devices", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "peoplesoft enterprise peopletools", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "8.56" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "log correlation engine", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "6.0.9" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "financial services data governance for us regulatory reporting", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.9" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "h700e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "h500e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "hospitality simphony", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "h300e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "agile product lifecycle management for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "financial services liquidity risk measurement and management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "insurance allocation manager for enterprise profitability", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "financial services basel regulatory capital basic", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "healthcare foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.0" }, { "model": "financial services analytical applications reconciliation framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "financial services price creation and discovery", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "financial services profitability management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "h300s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services data integration hub", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "communications diameter signaling router idih\\:", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "financial services basel regulatory capital internal ratings based approach", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "financial services balance sheet planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "drupal", "scope": "gte", "trust": 1.0, "vendor": "drupal", "version": "8.7.0" }, { "model": "financial services liquidity risk management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "financial services market risk measurement and management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "hospitality simphony", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.1.2" }, { "model": "insurance accounting analyzer", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.9" }, { "model": "financial services hedge management and ifrs valuations", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" 
}, { "model": "h500s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "agile product supplier collaboration for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "h410c", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services basel regulatory capital basic", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "financial services regulatory reporting for us federal reserve", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.9" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "financial services regulatory reporting for european banking authority", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "hospitality simphony", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0-19.1.2" }, { "model": "h700s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0.0.0" }, { "model": "drupal", "scope": "lt", "trust": 1.0, "vendor": "drupal", "version": "8.7.14" }, { "model": "financial services profitability management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "financial services funds transfer pricing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "financial services liquidity risk measurement and management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "financial services regulatory reporting for european banking 
authority", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "hospitality simphony", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.1.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "financial services basel regulatory capital internal ratings based approach", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.4.6" }, { "model": "financial services data governance for us regulatory reporting", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "oncommand system manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "3.0" }, { "model": "financial services hedge management and ifrs valuations", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "storagetek acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.5.1" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.2" }, { "model": "policy automation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "financial services loan loss forecasting and provisioning", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "communications billing and revenue management", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "healthcare foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1.1" }, { "model": "insurance data foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "insurance data foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "financial services liquidity risk measurement and management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "financial services regulatory reporting for us federal reserve", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "insurance allocation manager for enterprise profitability", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8" }, { "model": "financial services data integration hub", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "drupal", "scope": "gte", "trust": 1.0, "vendor": "drupal", "version": "7.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services basel regulatory capital internal ratings based approach", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11022" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, 
"cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.0", "versionStartIncluding": "1.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.70", "versionStartIncluding": "7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.14", "versionStartIncluding": "8.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.8.6", "versionStartIncluding": "8.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, 
{ "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0.0.0", "versionStartIncluding": "8.0.6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.9", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.1.2", "versionStartIncluding": "19.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.20", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.0.0", "versionStartIncluding": "5.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.9", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.20", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], 
"cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.9", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.20", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.0.0", "versionStartIncluding": "5.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.9", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.20", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.1", "versionStartIncluding": "18.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11022" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "161727" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "PACKETSTORM", "id": "157850" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "171215" }, { "db": "PACKETSTORM", "id": "171211" }, { "db": "PACKETSTORM", "id": "170819" } ], "trust": 0.7 }, "cve": "CVE-2020-11022", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-163559", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "security-advisories@github.com", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", 
"exploitabilityScore": 1.6, "impactScore": 4.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11022", "trust": 1.0, "value": "MEDIUM" }, { "author": "security-advisories@github.com", "id": "CVE-2020-11022", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202004-2429", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-163559", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163559" }, { "db": "CNNVD", "id": "CNNVD-202004-2429" }, { "db": "NVD", "id": "CVE-2020-11022" }, { "db": "NVD", "id": "CVE-2020-11022" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3247-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3247\nIssue date: 2020-08-04\nCVE Names: CVE-2017-18635 CVE-2019-8331 CVE-2019-10086 \n CVE-2019-13990 CVE-2019-17195 CVE-2019-19336 \n CVE-2020-7598 CVE-2020-10775 CVE-2020-11022 \n CVE-2020-11023 \n=====================================================================\n\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and\ninteracted with, including an Administration Portal, a VM Portal, and a\nRepresentational State Transfer (REST) Application Programming Interface\n(API). 
\n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht\nml-single/technical_notes\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* libquartz: XXE attacks via job description (CVE-2019-13990)\n\n* novnc: XSS vulnerability via the messages propagated to the status field\n(CVE-2017-18635)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)\n\n* ovirt-engine: response_type parameter allows reflected XSS\n(CVE-2019-19336)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* ovirt-engine: Redirect to arbitrary URL allows for phishing\n(CVE-2020-10775)\n\n* Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1080097 - [RFE] Allow editing disks details in the Disks tab\n1325468 - [RFE] Autostart of VMs that are down (with Engine assistance - Engine has to be up)\n1358501 - [RFE] multihost network change - notify when done\n1427717 - [RFE] Create and/or select affinity group upon VM creation. 
\n1475774 - RHV-M requesting four GetDeviceListVDSCommand when editing storage domain\n1507438 - not able to deploy new rhvh host when \"/tmp\" is mounted with \"noexec\" option\n1523835 - Hosted-Engine: memory hotplug does not work for engine vm\n1527843 - [Tracker] Q35 chipset support (with seabios)\n1529042 - [RFE] Changing of Cluster CPU Type does not trigger config update notification\n1535796 - Undeployment of HE is not graceful\n1546838 - [RFE] Refuse to deploy on localhost.localdomain\n1547937 - [RFE] Live Storage Migration progress bar. \n1585986 - [HE] When lowering the cluster compatibility, we need to force update the HE storage OVF store to ensure it can start up (migration will not work). \n1593800 - [RFE] forbid new mac pools with overlapping ranges\n1596178 - inconsistent display between automatic and manual Pool Type\n1600059 - [RFE] Add by default a storage lease to HA VMs\n1610212 - After updating to RHV 4.1 while trying to edit the disk, getting error \"Cannot edit Virtual Disk. Cannot edit Virtual Disk. Disk extension combined with disk compat version update isn\u0027t supported. Please perform the updates separately.\"\n1611395 - Unable to list Compute Templates in RHV 4.2 from Satellite 6.3.2\n1616451 - [UI] add a tooltip to explain the supported matrix for the combination of disk allocation policies, formats and the combination result\n1637172 - Live Merge hung in the volume deletion phase, leaving snapshot in a LOCKED state\n1640908 - Javascript Error popup when Managing StorageDomain with LUNs and 400+ paths\n1642273 - [UI] - left nav border highlight missing in RHV\n1647440 - [RFE][UI] Provide information about the VM next run\n1648345 - Jobs are not properly cleaned after a failed task. 
\n1650417 - HA is broken for VMs having disks in NFS storage domain because of Qemu OFD locking\n1650505 - Increase of ClusterCompatibilityVersion to Cluster with virtual machines with outstanding configuration changes, those changes will be reverted\n1651406 - [RFE] Allow Maintenance of Host with Enforcing VM Affinity Rules (hard affinity)\n1651939 - a new size of the direct LUN not updated in Admin Portal\n1654069 - [Downstream Clone] [UI] - grids bottom scrollbar hides bottom row\n1654889 - [RFE] Support console VNC for mediated devices\n1656621 - Importing VM OVA always enables \u0027Cloud-Init/Sysprep\u0027\n1658101 - [RESTAPI] Adding ISO disables serial console\n1659161 - Unable to edit pool that is delete protected\n1660071 - Regression in Migration of VM that starts in pause mode: took 11 hours\n1660644 - Concurrent LSMs of the same disk can be issued via the REST-API\n1663366 - USB selection option disabled even though USB support is enabled in RHV-4.2\n1664479 - Third VM fails to get migrated when host is placed into maintenance mode\n1666913 - [UI] warn users about different \"Vdsm Name\" when creating network with a fancy char or long name\n1670102 - [CinderLib] - openstack-cinder and cinderlib packages are not installed on ovirt-engine machine\n1671876 - \"Bond Active Slave\" parameter on RHV-M GUI shows an incorrect until Refresh Caps\n1679039 - Unable to upload image through Storage-\u003eDomain-\u003eDisk because of wrong DC\n1679110 - [RFE] change Admin Portal toast notifications location\n1679471 - [ja, de, es, fr, pt_BR] The console client resources page shows truncated title for some locales\n1679730 - Warn about host IP addresses outside range\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1686650 - Memory snapshots\u0027 deletion logging unnecessary WARNINGS in engine.log\n1687345 - Snapshot with memory volumes can fail if the memory dump takes more than 180 seconds\n1690026 - [RFE] - Creating an NFS 
storage domain the engine should let the user specify exact NFS version v4.0 and not just v4\n1690155 - Disk migration progress bar not clearly visible and unusable. \n1690475 - When a live storage migration fails, the auto generated snapshot does not get removed\n1691562 - Cluster level changes are not increasing VMs generation numbers and so a new OVF_STORE content is not copied to the shared storage\n1692592 - \"\ufffcEnable menu to select boot device shows 10 device listed with cdrom at 10th slot but when selecting 10 option the VM took 1 as option and boot with disk\n1693628 - Engine generates too many updates to vm_dynamic table due to the session change\n1693813 - Do not change DC level if there are VMs running/paused with older CL. \n1695026 - Failure in creating snapshots during \"Live Storage Migration\" can result in a nonexistent snapshot\n1695635 - [RFE] Improve Host Drop-down menu in different Dialogs (i.e. Alphabetical sort of Hosts in Remove|New StorageDomains)\n1696245 - [RFE] Allow full customization while cloning a VM\n1696669 - Build bouncycastle for RHV 4.4 RHEL 8\n1696676 - Build ebay-cors-filter for RHV 4.4 RHEL 8\n1698009 - Build openstack-java-sdk for RHV 4.4 RHEL 8\n1698102 - Print a warning message to engine-setup, which highlights that other clusters than the Default one are not modified to use ovirt-provider-ovn as the default network provider\n1700021 - [RFE] engine-setup should warn and prompt if ca.pem is missing but other generated pki files exist\n1700036 - [RFE] Add RedFish API for host power management for RHEV\n1700319 - VM is going to pause state with \"storage I/O error\". 
\n1700338 - [RFE] Alternate method to configure the email Event Notifier for a user in RHV through API (instead of RHV GUI)\n1700725 - [scale] RHV-M runs out of memory due to to much data reported by the guest agent\n1700867 - Build makeself for RHV 4.4 RHEL 8\n1701476 - Build unboundid-ldapsdk for RHV 4.4 RHEL 8\n1701491 - Build RHV-M 4.4 - RHEL 8\n1701522 - Build ovirt-imageio-proxy for RHV 4.4 / RHEL 8\n1701528 - Build / Tag python-ovsdbapp for RHV 4.4 RHEL 8\n1701530 - Build / Tag ovirt-cockpit-sso for RHV 4.4 RHEL 8\n1701531 - Build / Tag ovirt-engine-api-explorer for RHV 4.4 RHEL 8\n1701533 - Build / Tag ovirt-engine-dwh for RHV 4.4 / RHEL 8\n1701538 - Build / Tag vdsm-jsonrpc-java for RHV 4.4 RHEL 8\n1701544 - Build rhvm-dependencies for RHV 4.4 RHEL 8\n1702310 - Build / Tag ovirt-engine-ui-extensions for RHV 4.4 RHEL 8\n1702312 - Build ovirt-log-collector for RHV 4.4 RHEL 8\n1703112 - PCI address of NICs are not stored in the database after a hotplug of passthrough NIC resulting in change of network device name in VM after a reboot\n1703428 - VMs migrated from KVM to RHV show warning \u0027The latest guest agent needs to be installed and running on the guest\u0027\n1707225 - [cinderlib] Cinderlib DB is missing a backup and restore option\n1708624 - Build rhvm-setup-plugins for RHV 4.4 - RHEL 8\n1710491 - No EVENT_ID is generated in /var/log/ovirt-engine/engine.log when VM is rebooted from OS level itself. \n1711006 - Metrics installation fails during the execution of playbook ovirt-metrics-store-installation if the environment is not having DHCP\n1712255 - Drop 4.1 datacenter/cluster level\n1712746 - [RFE] Ignition support for ovirt vms\n1712890 - engine-setup should check for snapshots in unsupported CL\n1714528 - Missing IDs on cluster upgrade buttons\n1714633 - Using more than one asterisk in the search string is not working when searching for users. 
\n1714834 - Cannot disable SCSI passthrough using API\n1715725 - Sending credentials in query string logs them in ovirt-request-logs\n1716590 - [RFE][UX] Make Cluster-wide \"Custom serial number policy\" value visible at VM level\n1718818 - [RFE] Enhance local disk passthrough\n1720686 - Tag ovirt-scheduler-proxy for RHV 4.4 RHEL 8\n1720694 - Build ovirt-engine-extension-aaa-jdbc for RHV 4.4 RHEL 8\n1720795 - New guest tools are available mark in case of guest tool located on Data Domain\n1724959 - RHV recommends reporting issues to GitHub rather than access.redhat.com (ovirt-\u003eRHV rebrand glitch?)\n1727025 - NPE in DestroyImage endAction during live merge leaving a task in DB for hours causing operations depending on host clean tasks to fail as Deactivate host/StopSPM/deactivate SD\n1728472 - Engine reports network out of sync due to ipv6 default gateway via ND RA on a non default route network. \n1729511 - engine-setup fails to upgrade to 4.3 with Unicode characters in CA subject\n1729811 - [scale] updatevmdynamic broken if too many users logged in - psql ERROR: value too long for type character varying(255)\n1730264 - VMs will fail to start if the vnic profile attached is having port mirroring enabled and have name greater than 15 characters\n1730436 - Snapshot creation was successful, but snapshot remains locked\n1731212 - RHV 4.4 landing page does not show login or allow scrolling. \n1731590 - Cannot preview snapshot, it fails and VM remains locked. \n1733031 - [RFE] Add warning when importing data domains to newer DC that may trigger SD format upgrade\n1733529 - Consume python-ovsdbapp dependencies from OSP in RHEL 8 RHV 4.4\n1733843 - Export to OVA fails if VM is running on the Host doing the export\n1734839 - Unable to start guests in our Power9 cluster without running in headless mode. 
\n1737234 - Attach a non-existent ISO to vm by the API return 201 and marks the Attach CD checkbox as ON\n1737684 - Engine deletes the leaf volume when SnapshotVDSCommand timed out without checking if the volume is still used by the VM\n1740978 - [RFE] Warn or Block importing VMs/Templates from unsupported compatibility levels. \n1741102 - host activation causes RHHI nodes to lose the quorum\n1741271 - Move/Copy disk are blocked if there is less space in source SD than the size of the disk\n1741625 - VM fails to be re-started with error: Failed to acquire lock: No space left on device\n1743690 - Commit and Undo buttons active when no snapshot selected\n1744557 - RHV 4.3 throws an exception when trying to access VMs which have snapshots from unsupported compatibility levels\n1745384 - [IPv6 Static] Engine should allow updating network\u0027s static ipv6gateway\n1745504 - Tag rhv-log-collector-analyzer for RHV 4.4 RHEL 8\n1746272 - [BREW BUILD ENABLER] Build the oVirt Ansible roles for RHV 4.4.0\n1746430 - [Rebase] Rebase v2v-conversion-host for RHV 4.4 Engine\n1746877 - [Metrics] Rebase bug - for the 4.4 release on EL8\n1747772 - Extra white space at the top of webadmin dialogs\n1749284 - Change the Snapshot operation to be asynchronous\n1749944 - teardownImage attempts to deactivate in-use LV\u0027s rendering the VM disk image/volumes in locked state. \n1750212 - MERGE_STATUS fails with \u0027Invalid UUID string: mapper\u0027 when Direct LUN that already exists is hot-plugged\n1750348 - [Tracking] rhvm-branding-rhv for RHV 4.4\n1750357 - [Tracking] ovirt-web-ui for RHV 4.4\n1750371 - [Tracking] ovirt-engine-ui-extensions for RHV 4.4\n1750482 - From VM Portal, users cannot create Operating System Windows VM. \n1751215 - Unable to change Graphical Console of HE VM. 
\n1751268 - add links to Insights to landing page\n1751423 - Improve description of shared memory statistics and remove unimplemented memory metrics from API\n1752890 - Build / Tag ovirt-engine-extension-aaa-ldap for RHV 4.4 RHEL 8\n1752995 - [RFE] Need to be able to set default console option\n1753629 - Build / Tag ovirt-engine-extension-aaa-misc for RHV 4.4 RHEL 8\n1753661 - Build / Tag ovirt-engine-extension-logger-log4j got RHV 4.4 / RHEl 8\n1753664 - Build ovirt-fast-forward-upgrade for RHV 4.4 /RHEL 8 support\n1754363 - [Scale] Engine generates excessive amount of dns configuration related sql queries\n1754490 - RHV Manager cannot start on EAP 7.2.4\n1755412 - Setting \"oreg_url: registry.redhat.io\" fails with error\n1758048 - clone(as thin) VM from template or create snapshot fails with \u0027Requested capacity 1073741824 \u003c parent capacity 3221225472 (volume:1211)\u0027\n1758289 - [Warn] Duplicate chassis entries in southbound database if the host is down while removing the host from Manager\n1762281 - Import of OVA created from template fails with java.lang.NullPointerException\n1763992 - [RFE] Show \"Open Console\" as the main option in the VM actions menu\n1764289 - Document details how each fence agent can be configured in RESTAPI\n1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT\n1764932 - [BREW BUILD ENABLER] Build the ansible-runner-service for RHV 4.4\n1764943 - Create Snapshot does not proceed beyond CreateVolume\n1764959 - Apache is configured to offer TRACE method (security)\n1765660 - CVE-2017-18635 novnc: XSS vulnerability via the messages propagated to the status field\n1767319 - [RFE] forbid updating mac pool that contains ranges overlapping with any mac range in the system\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1768707 - Cannot set or update iscsi portal group tag when editing storage connection via API\n1768844 - RHEL 
Advanced virtualization module streams support\n1769463 - [Scale] Slow performance for api/clusters when many networks devices are present\n1770237 - Cannot assign a vNIC profile for VM instance profile. \n1771793 - VM Portal crashes in what appears to be a permission related problem. \n1773313 - RHV Metric store installation fails with error: \"You need to install \\\"jmespath\\\" prior to running json_query filter\"\n1777954 - VM Templates greater then 101 quantity are not listed/reported in RHV-M Webadmin UI. \n1779580 - drop rhvm-doc package\n1781001 - CVE-2019-19336 ovirt-engine: response_type parameter allows reflected XSS\n1782236 - Windows Update (the drivers) enablement\n1782279 - Warning message for low space is not received on Imported Storage domain\n1782882 - qemu-kvm: kvm_init_vcpu failed: Function not implemented\n1784049 - Rhel6 guest with cluster default q35 chipset causes kernel panic\n1784385 - Still requiring rhvm-doc in rhvm-setup-plugins\n1785750 - [RFE] Ability to change default VM action (Suspend) in the VM Portal. \n1788424 - Importing a VM having direct LUN attached using virtio driver is failing with error \"VirtIO-SCSI is disabled for the VM\"\n1796809 - Build apache-sshd for RHV 4.4 RHEL 8\n1796811 - Remove bundled apache-sshd library\n1796815 - Build snmp4j for RHV 4.4 RHEL 8\n1796817 - Remove bundled snmp4j library\n1797316 - Snapshot creation from VM fails on second snapshot and afterwords\n1797500 - Add disk operation failed to complete. 
\n1798114 - Build apache-commons-digester for RHV 4.4 RHEL 8\n1798117 - Build apache-commons-configuration for RHV 4.4 RHEL 8\n1798120 - Build apache-commons-jexl for RHV 4.4 RHEL 8\n1798127 - Build apache-commons-collections4 for RHV 4.4 RHEL 8\n1798137 - Build apache-commons-vfs for RHV 4.4 RHEL 8\n1799171 - Build ws-commons-util for RHV 4.4 RHEL 8\n1799204 - Build xmlrpc for RHV 4.4 RHEL 8\n1801149 - CVE-2019-13990 libquartz: XXE attacks via job description\n1801709 - Disable activation of the host while Enroll certificate flow is still in progress\n1803597 - rhv-image-discrepancies should skip storage domains in maintenance mode and ISO/Export\n1805669 - change requirement on rhvm package from spice-client-msi to spice-client-win\n1806276 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine\n1807047 - Build m2crypto for RHV 4.4 RHEL 8\n1807860 - [RFE] Allow resource allocation options to be customized\n1808096 - Uploading ISOs causes \"Uncaught exception occurred. Please try reloading the page. Details: (TypeError) : a.n is null\"\n1808126 - host_service.install() does not work with deploy_hosted_engine as True. \n1809040 - [CNV\u0026RHV] let the user know that token is not valid anymore\n1809052 - [CNV\u0026RHV] ovirt-engine log file spammed by failed timers ( approx 3-5 messages/sec )\n1809875 - rhv-image-discrepancies only compares images on the last DC\n1809877 - rhv-image-discrepancies sends dump-volume-chains with parameter that is ignored\n1810893 - mountOptions is ignored for \"import storage domain\" from GUI\n1811865 - [Scale] Host Monitoring generates excessive amount of qos related sql queries\n1811869 - [Scale] Webadmin\\REST for host interface list response time is too long because of excessive amount of qos related sql queries\n1812875 - Unable to create VMs when french Language is selected for the rhvm gui. 
\n1813305 - Engine updating SLA policies of VMs continuously in an environment which is not having any QOS configured\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1814197 - [CNV\u0026RHV] when provider is remover DC is left behind and active\n1814215 - [CNV\u0026RHV] Adding new provider to engine fails after succesfull test\n1816017 - Build log4j12 for RHV 4.4 EL8\n1816643 - [CNV\u0026RHV] VM created in CNV not visible in RHV\n1816654 - [CNV\u0026RHV] adding provider with already created vm failed\n1816693 - [CNV\u0026RHV] CNV VM failed to restart even if 1st dialog looks fine\n1816739 - [CNV\u0026RHV] CNV VM updated form CNV side doesn\u0027t update vm properties over on RHV side\n1817467 - [Tracking] Migration path between RHV 4.3 and 4.4\n1818745 - rhv-log-collector-analyzer 0.2.17 still requires pyhton2\n1819201 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update\n1819248 - Cannot upgrade host after engine setup\n1819514 - Failed to register 4.4 host to the latest engine (4.4.0-0.29.master.el8ev)\n1819960 - NPE on ImportVmTemplateFromConfigurationCommand when creating VM from ovf_data\n1820621 - Build apache-commons-compress for RHV 4.4 EL8\n1820638 - Build apache-commons-jxpath for RHV 4.4 EL8\n1821164 - Failed snapshot creation can cause data corruption of other VMs\n1821930 - Enable only TLSv1.2+ protocol for SPICE on EL7 hosts\n1824095 - VM portal shows only error\n1825793 - RHV branding is missing after upgrade from 4.3\n1826248 - [4.4][ovirt-cockpit-sso] Compatibility issues with python3\n1826437 - The console client resources page return HTTP code 500\n1826801 - [CNV\u0026RHV] update of memory on cnv side does not propagate to rhv\n1826855 - [cnv\u0026rhv] update of cpu on cnv side causing expetion in engine.log\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1828669 - 
After SPM select the engine lost communication to all hosts until restarted [improved logging]\n1828736 - [CNV\u0026RHV] cnv template is not propagated to rhv\n1829189 - engine-setup httpd ssl configuration conflicts with Red Hat Insights\n1829656 - Failed to register 4.3 host to 4.4 engine with 4.3 cluster (4.4.0-0.33.master.el8ev)\n1829830 - vhost custom properties does not accept \u0027-\u0027\n1832161 - rhv-log-collector-analyzer fails with UnicodeDecodeError on RHEL8\n1834523 - Edit VM -\u003e Enable Smartcard sharing does not stick when VM is running\n1838493 - Live snapshot made with freeze in the engine will cause the FS to be frozen\n1841495 - Upgrade openstack-java-sdk to 3.2.9\n1842495 - high cpu usage after entering wrong search pattern in RHVM\n1844270 - [vGPU] nodisplay option for mdev broken since mdev scheduling unit\n1844855 - Missing images (favicon.ico, banner logo) and missing brand.css file on VM portal d/s installation\n1845473 - Exporting an OVA file from a VM results in its ovf file having a format of RAW when the disk is COW\n1847420 - CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing\n1850004 - CVE-2020-11023 jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1853444 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update (July-2020)\n1854563 - [4.4 downstream only][RFE] Include a link to grafana on front page\n\n6. 
Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-1.4.5-1.el8ar.src.rpm\nansible-runner-service-1.0.2-1.el8ev.src.rpm\napache-commons-collections4-4.4-1.el8ev.src.rpm\napache-commons-compress-1.18-1.el8ev.src.rpm\napache-commons-configuration-1.10-1.el8ev.src.rpm\napache-commons-jexl-2.1.1-1.el8ev.src.rpm\napache-commons-jxpath-1.3-29.el8ev.src.rpm\napache-commons-vfs-2.4.1-1.el8ev.src.rpm\napache-sshd-2.5.1-1.el8ev.src.rpm\nebay-cors-filter-1.0.1-4.el8ev.src.rpm\ned25519-java-0.3.0-1.el8ev.src.rpm\nengine-db-query-1.6.1-1.el8ev.src.rpm\njava-client-kubevirt-0.5.0-1.el8ev.src.rpm\nlog4j12-1.2.17-22.el8ev.src.rpm\nm2crypto-0.35.2-5.el8ev.src.rpm\nmakeself-2.4.0-4.el8ev.src.rpm\nnovnc-1.1.0-1.el8ost.src.rpm\nopenstack-java-sdk-3.2.9-1.el8ev.src.rpm\novirt-cockpit-sso-0.1.4-1.el8ev.src.rpm\novirt-engine-4.4.1.8-0.7.el8ev.src.rpm\novirt-engine-api-explorer-0.0.6-1.el8ev.src.rpm\novirt-engine-dwh-4.4.1.2-1.el8ev.src.rpm\novirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.src.rpm\novirt-engine-extension-aaa-misc-1.1.0-1.el8ev.src.rpm\novirt-engine-extension-logger-log4j-1.1.0-1.el8ev.src.rpm\novirt-engine-extensions-api-1.0.1-1.el8ev.src.rpm\novirt-engine-metrics-1.4.1.1-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.2.2-1.el8ev.src.rpm\novirt-fast-forward-upgrade-1.1.6-0.el8ev.src.rpm\novirt-log-collector-4.4.2-1.el8ev.src.rpm\novirt-scheduler-proxy-0.1.9-1.el8ev.src.rpm\novirt-web-ui-1.6.3-1.el8ev.src.rpm\npython-aniso8601-0.82-4.el8ost.src.rpm\npython-flask-1.0.2-2.el8ost.src.rpm\npython-flask-restful-0.3.6-8.el8ost.src.rpm\npython-netaddr-0.7.19-8.1.el8ost.src.rpm\npython-notario-0.0.16-2.el8cp.src.rpm\npython-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.src.rpm\npython-pbr-5.1.2-2.el8ost.src.rpm\npython-six-1.12.0-1.el8ost.src.rpm\npython-websocket-client-0.54.0-1.el8ost.src.rpm\npython-werkzeug-0.16.0-1.el8ost.src.rpm\nrhv-log-collector-analyzer-1.0.2-1.el8ev.src.rpm
\nrhvm-branding-rhv-4.4.4-1.el8ev.src.rpm\nrhvm-dependencies-4.4.0-1.el8ev.src.rpm\nrhvm-setup-plugins-4.4.2-1.el8ev.src.rpm\nsnmp4j-2.4.1-1.el8ev.src.rpm\nunboundid-ldapsdk-4.0.14-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.5.4-1.el8ev.src.rpm\nws-commons-util-1.0.2-1.el8ev.src.rpm\nxmlrpc-3.1.3-1.el8ev.src.rpm\n\nnoarch:\nansible-runner-1.4.5-1.el8ar.noarch.rpm\nansible-runner-service-1.0.2-1.el8ev.noarch.rpm\napache-commons-collections4-4.4-1.el8ev.noarch.rpm\napache-commons-collections4-javadoc-4.4-1.el8ev.noarch.rpm\napache-commons-compress-1.18-1.el8ev.noarch.rpm\napache-commons-compress-javadoc-1.18-1.el8ev.noarch.rpm\napache-commons-configuration-1.10-1.el8ev.noarch.rpm\napache-commons-jexl-2.1.1-1.el8ev.noarch.rpm\napache-commons-jexl-javadoc-2.1.1-1.el8ev.noarch.rpm\napache-commons-jxpath-1.3-29.el8ev.noarch.rpm\napache-commons-jxpath-javadoc-1.3-29.el8ev.noarch.rpm\napache-commons-vfs-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-ant-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-examples-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-javadoc-2.4.1-1.el8ev.noarch.rpm\napache-sshd-2.5.1-1.el8ev.noarch.rpm\napache-sshd-javadoc-2.5.1-1.el8ev.noarch.rpm\nebay-cors-filter-1.0.1-4.el8ev.noarch.rpm\ned25519-java-0.3.0-1.el8ev.noarch.rpm\ned25519-java-javadoc-0.3.0-1.el8ev.noarch.rpm\nengine-db-query-1.6.1-1.el8ev.noarch.rpm\njava-client-kubevirt-0.5.0-1.el8ev.noarch.rpm\nlog4j12-1.2.17-22.el8ev.noarch.rpm\nlog4j12-javadoc-1.2.17-22.el8ev.noarch.rpm\nmakeself-2.4.0-4.el8ev.noarch.rpm\nnovnc-1.1.0-1.el8ost.noarch.rpm\nopenstack-java-ceilometer-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-ceilometer-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-cinder-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-cinder-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-glance-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-glance-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-heat-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-heat-model-3.2.
9-1.el8ev.noarch.rpm\nopenstack-java-javadoc-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-keystone-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-keystone-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-nova-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-nova-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-quantum-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-quantum-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-resteasy-connector-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-swift-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-swift-model-3.2.9-1.el8ev.noarch.rpm\novirt-cockpit-sso-0.1.4-1.el8ev.noarch.rpm\novirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-api-explorer-0.0.6-1.el8ev.noarch.rpm\novirt-engine-backend-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-dbscripts-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-dwh-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-misc-1.1.0-1.el8ev.noarch.rpm\novirt-engine-extension-logger-log4j-1.1.0-1.el8ev.noarch.rpm\novirt-engine-extensions-api-1.0.1-1.el8ev.noarch.rpm\novirt-engine-extensions-api-javadoc-1.0.1-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-metrics-1.4.1.1-1.el8ev.noarch.rpm\novirt-engine-restapi-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-base-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.1.8-0.7.el8e
v.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-tools-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-tools-backup-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.2.2-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-fast-forward-upgrade-1.1.6-0.el8ev.noarch.rpm\novirt-log-collector-4.4.2-1.el8ev.noarch.rpm\novirt-scheduler-proxy-0.1.9-1.el8ev.noarch.rpm\novirt-web-ui-1.6.3-1.el8ev.noarch.rpm\npython-flask-doc-1.0.2-2.el8ost.noarch.rpm\npython2-netaddr-0.7.19-8.1.el8ost.noarch.rpm\npython2-pbr-5.1.2-2.el8ost.noarch.rpm\npython2-six-1.12.0-1.el8ost.noarch.rpm\npython3-aniso8601-0.82-4.el8ost.noarch.rpm\npython3-ansible-runner-1.4.5-1.el8ar.noarch.rpm\npython3-flask-1.0.2-2.el8ost.noarch.rpm\npython3-flask-restful-0.3.6-8.el8ost.noarch.rpm\npython3-netaddr-0.7.19-8.1.el8ost.noarch.rpm\npython3-notario-0.0.16-2.el8cp.noarch.rpm\npython3-ovirt-engine-lib-4.4.1.8-0.7.el8ev.noarch.rpm\npython3-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.noarch.rpm\npython3-pbr-5.1.2-2.el8ost.noarch.rpm\npython3-six-1.12.0-1.el8ost.noarch.rpm\npython3-websocket-client-0.54.0-1.el8ost.noarch.rpm\npython3-werkzeug-0.16.0-1.el8ost.noarch.rpm\npython3-werkzeug-doc-0.16.0-1.el8ost.noarch.rpm\nrhv-log-collector-analyzer-1.0.2-1.el8ev.noarch.rpm\nrhvm-4.4.1.8-0.7.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.4-1.el8ev.noarch.rpm\nrhvm-dependencies-4.4.0-1.el8ev.noarch.rpm\nrhvm-setup-plugins-4.4.2-1.el8ev.noarch.rpm\nsnmp4j-2.4.1-1.el8ev.noarch.rpm\nsnmp4j-javadoc-2.4.1-1.el8ev.noarch.rpm\nunboundid-ldapsdk-4.0.14-1.el8ev.noarch.rpm\nunboundid-ldapsdk-javadoc-4.0.14-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.5.4-1.el8ev.noarch.rpm\nws-commons-util-1.0.2-1.el8ev.noarch.rpm\nws-commons-util-javadoc-1.0.2-1.el8ev.noarch.rpm\nxmlrpc-client-3.1.3-1.el8ev.noarch.rpm\nxmlrpc-common-3.1.3-1.el8ev
.noarch.rpm\nxmlrpc-javadoc-3.1.3-1.el8ev.noarch.rpm\nxmlrpc-server-3.1.3-1.el8ev.noarch.rpm\n\nx86_64:\nm2crypto-debugsource-0.35.2-5.el8ev.x86_64.rpm\npython3-m2crypto-0.35.2-5.el8ev.x86_64.rpm\npython3-m2crypto-debuginfo-0.35.2-5.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-18635\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-10086\nhttps://access.redhat.com/security/cve/CVE-2019-13990\nhttps://access.redhat.com/security/cve/CVE-2019-17195\nhttps://access.redhat.com/security/cve/CVE-2019-19336\nhttps://access.redhat.com/security/cve/CVE-2020-7598\nhttps://access.redhat.com/security/cve/CVE-2020-10775\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXylir9zjgjWX9erEAQii/A//bJm3u0+ul+LdQwttSJJ79OdVqcp3FktP\ntdPj8AFbB6F9KkuX9FAQja0/2pgZAldB3Eyz57GYTxyDD1qeMqYSayGHCH01GWAn\nu8uF90lcSz6YvgEPDh1mWhLYQMfdWT6IUuKOEHldt8TyHbc7dX3xCbsLDzNCxGbl\nQuPSFPQBJaAXETSw42NGzdUzaM9zoQ0Mngj+Owcgw53YyBy3BSLAb5bKuijvkcLy\nSVCAxxiQ89E+cnETKYIv4dOfqXGA5wLg68hDmUQyFcXHA9nQbJM9Q0s1fbZ2Wav1\noGGTqJDTgVElxrHB5pYJ6pu484ZgJealkBCrHA2OBsMJUadwitVvQLXFZF5OyN0N\nf/vtZ1ua4mZADa61qfnlmVRiyISwmPPWIOImA3TIE5Q8Yl5ucCqtDjQPoJAbXsUl\nY22Bb5x7JyrN0nyOgwh6BGGK51CmOaP+xNuWD7osI24pnzdmPTZuJrZLePxgPgac\nWWQNznzvokknva2ofvujAm+DEl+W7W3A8Vs9wkmUWYlaVC7GFLEkcvQjjHahZ7kh\ndVJNoh70vpA+aJCMQHYK6MGtCSAWoqXkRTsHb3Stfm2vLLz6GYxY5OuvB7Z0ME1N\nzCiFjBla5+3nKx5ab8Pola56T1wRULHL6zYN9GTsOzxjdJsKHXBVeV8OYcnoHiza\n2TrKn2dtZwI=\n=92Q3\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSee the following documentation, which will be updated shortly for release\n3.11.219, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. Bugs fixed (https://bugzilla.redhat.com/):\n\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n\n6. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. 
\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of\nscrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt\nUNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new\nJSONObject(map) cause StackOverflowError which may lead to dos\n(CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n4. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2020-11022" }, { "db": "VULHUB", "id": "VHN-163559" }, { "db": "PACKETSTORM", 
"id": "161727" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "PACKETSTORM", "id": "157850" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "171215" }, { "db": "PACKETSTORM", "id": "171211" }, { "db": "PACKETSTORM", "id": "170819" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11022", "trust": 2.4 }, { "db": "PACKETSTORM", "id": "162159", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2021-02", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2020-10", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2020-11", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2021-10", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "161727", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158750", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "157850", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "170823", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159852", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "160274", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "170821", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159275", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159353", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168304", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159513", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158555", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202004-2429", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2694", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0620", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0845", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4248", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2775", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1066", "trust": 0.6 }, { "db": 
"AUSCERT", "id": "ESB-2020.2287", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1916", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3485", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0909", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1961", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.0583", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3902", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.0585", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2515", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1880", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1863", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1519", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0824", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2375", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0465", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3255", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2966", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5150", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2525", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1804", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3875", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2660", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1925", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1512", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2660.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3028", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.1653", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071412", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042543", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072094", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021101936", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041931", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042537", "trust": 0.6 }, { "db": "CS-HELP", "id": 
"SB2022012403", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072292", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022022516", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072721", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012754", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042618", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042302", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022060033", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "49766", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "157905", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158406", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158282", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-60182", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-097-01", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48898", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "171215", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "170819", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "171213", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "171214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "171212", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159876", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170817", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163559", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "171211", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163559" }, { "db": "PACKETSTORM", "id": "161727" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "PACKETSTORM", "id": "157850" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "171215" }, { "db": "PACKETSTORM", "id": "171211" }, { "db": "PACKETSTORM", "id": "170819" }, { "db": "CNNVD", "id": "CNNVD-202004-2429" }, { "db": "NVD", "id": "CVE-2020-11022" } ] }, "id": "VAR-202004-2191", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } 
}, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163559" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T22:10:21.285000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "jQuery Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=117510" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2429" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163559" }, { "db": "NVD", "id": "CVE-2020-11022" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200511-0006/" }, { "trust": 1.7, "url": 
"https://www.drupal.org/sa-core-2020-002" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2020-10" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2020-11" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-02" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-10" }, { "trust": 1.7, "url": "https://www.debian.org/security/2020/dsa-4693" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202007-03" }, { "trust": 1.7, "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" }, { "trust": 1.7, "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77" }, { "trust": 1.7, "url": "https://jquery.com/upgrade-guide/3.5/" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/" }, { "trust": 1.0, "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e" }, { 
"trust": 0.7, "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041931" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/49766" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48898" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3875/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6520510" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158555/gentoo-linux-security-advisory-202007-03.html" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2375/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1066" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5150" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168304/red-hat-security-advisory-2022-6393-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042543" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1804/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1925/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042302" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160274/red-hat-security-advisory-2020-5249-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072721" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022022516" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157850/red-hat-security-advisory-2020-2217-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072094" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101936" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158406/red-hat-security-advisory-2020-2412-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2660.3/" }, { 
"trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1916" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1519" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0585" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2660/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0583" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3255/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3485/" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/159513/red-hat-security-advisory-2020-4211-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4248/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2287/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2966/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157905/red-hat-security-advisory-2020-2362-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1880/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.1653" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2694/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042537" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042618" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0845" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2775/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0824" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1961/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1512" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159353/red-hat-security-advisory-2020-3936-01.html" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/product_security/len-60182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3028/" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022060033" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2515" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-in-ibm-security-qradar-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012754" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0465" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6490381" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1863/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3700/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071412" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3902/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2525" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0620" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012403" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3368/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.4, "url": 
"https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-11358" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-40150" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-40149" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-45047" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-46364" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-42004" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-45693" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-42003" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-14042" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-14040" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7598" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-8331" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-38750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1471" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-3916" }, { "trust": 
0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25857" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-46175" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-44906" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2023-0091" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24785" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-3782" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2764" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-46363" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2023-0264" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-38751" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1274" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-37603" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-38749" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-35065" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1438" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-17006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12401" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10878" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20253" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401" }, { "trust": 0.1, "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6829" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0778" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14866" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8177" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2020-12403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12723" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12243" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1971" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5766" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20372" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35678" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12402" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17195" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-18635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7598" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3247" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19336" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18635" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10775" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-19336" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2217" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258." }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8768" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8535" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8611" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8203" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8676" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17451" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7150" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7664" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8607" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12052" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15366" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8690" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8601" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3822" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11324" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7146" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8524" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10739" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-18751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16890" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5481" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8536" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8686" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8544" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12049" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8571" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19519" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2013-0169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8677" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5436" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18624" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13753" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8679" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20657" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5094" 
}, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8619" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4298" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8622" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8681" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3825" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18074" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6237" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6706" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8559" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8687" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13822" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-19923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8672" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8608" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8615" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7665" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8457" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8689" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15847" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12245" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8726" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-1010204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8596" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8696" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8610" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18408" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13636" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11070" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7149" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11110" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8584" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19959" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8563" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8609" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9283" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8587" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8583" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-9251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8597" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-47629" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:1047" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-21843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-4039" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37603" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40304" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-21835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40303" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-4137" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:1044" }, { "trust": 0.1, 
"url": "https://access.redhat.com/errata/rhsa-2023:0554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40152" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14041" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-18214" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3143" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163559" }, { "db": "PACKETSTORM", "id": "161727" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "PACKETSTORM", "id": "157850" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "171215" }, { "db": "PACKETSTORM", "id": "171211" }, { "db": "PACKETSTORM", "id": "170819" }, { "db": "CNNVD", "id": "CNNVD-202004-2429" }, { "db": "NVD", "id": "CVE-2020-11022" } ] }, "sources": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163559" }, { "db": "PACKETSTORM", "id": "161727" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "PACKETSTORM", "id": "157850" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "171215" }, { "db": "PACKETSTORM", "id": "171211" }, { "db": "PACKETSTORM", "id": "170819" }, { "db": "CNNVD", "id": "CNNVD-202004-2429" }, { "db": "NVD", "id": "CVE-2020-11022" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-29T00:00:00", "db": "VULHUB", "id": "VHN-163559" }, { "date": "2021-03-09T16:25:11", "db": "PACKETSTORM", "id": "161727" }, { "date": "2020-08-04T14:26:33", "db": "PACKETSTORM", "id": "158750" }, { "date": "2020-05-28T16:07:33", "db": "PACKETSTORM", "id": "157850" }, { "date": "2020-10-27T16:59:02", "db": "PACKETSTORM", "id": "159727" }, { "date": "2023-03-02T15:19:44", "db": "PACKETSTORM", "id": "171215" }, { "date": "2023-03-02T15:19:02", "db": "PACKETSTORM", "id": "171211" }, { "date": "2023-01-31T17:19:24", "db": "PACKETSTORM", "id": "170819" }, { "date": "2020-04-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2429" }, { "date": "2020-04-29T22:15:11.903000", "db": "NVD", "id": "CVE-2020-11022" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-25T00:00:00", "db": "VULHUB", "id": "VHN-163559" }, { "date": "2023-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2429" }, { "date": "2023-11-07T03:14:27.330000", "db": "NVD", "id": "CVE-2020-11022" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { 
"db": "CNNVD", "id": "CNNVD-202004-2429" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "jQuery Cross-site scripting vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2429" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "157850" }, { "db": "CNNVD", "id": "CNNVD-202004-2429" } ], "trust": 0.7 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0266">var-200904-0266</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. 
</p> <p>For more information see vulnerabilities #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0266" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="collapse" id="collapseJsonvar-200904-0266"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0266">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0266", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.3" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.3" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { 
"model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { 
"model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { 
"model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001225" }, { "db": "NVD", "id": "CVE-2009-0980" }, { "db": "CNNVD", "id": "CNNVD-200904-299" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": 
"@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0980" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-299" } ], "trust": 0.6 }, "cve": "CVE-2009-0980", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", 
"version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-0980", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0980", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-299", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2009-0980", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-0980" }, { "db": "JVNDB", "id": "JVNDB-2009-001225" }, { "db": "NVD", "id": "CVE-2009-0980" }, { "db": "CNNVD", "id": "CNNVD-200904-299" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0980" }, { "db": "JVNDB", "id": "JVNDB-2009-001225" }, { "db": "BID", "id": "34461" }, { "db": "VULMON", "id": "CVE-2009-0980" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0980", "trust": 2.8 }, { "db": "SECUNIA", "id": "34693", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.6 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.4 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001225", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-299", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "VULMON", "id": "CVE-2009-0980", "trust": 0.1 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-0980" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001225" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0980" }, { "db": "CNNVD", "id": "CNNVD-200904-299" } ] }, "id": 
"VAR-200904-0266", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:42:25.646000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001225" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0980" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 2.5, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.1, 
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0980" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0980" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": 
"http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-0980" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001225" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0980" }, { "db": "CNNVD", "id": "CNNVD-200904-299" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2009-0980" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001225" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0980" }, { "db": "CNNVD", "id": "CNNVD-200904-299" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-15T00:00:00", "db": "VULMON", "id": "CVE-2009-0980" }, { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001225" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.453000", "db": "NVD", "id": "CVE-2009-0980" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-299" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-10-23T00:00:00", "db": "VULMON", "id": "CVE-2009-0980" }, { "date": "2009-09-01T16:22:00", 
"db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001225" }, { "date": "2012-10-23T03:04:24.587000", "db": "NVD", "id": "CVE-2009-0980" }, { "date": "2009-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-299" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-299" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of SQLX Functions Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001225" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-299" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201607-0653">var-201607-0653</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. 
The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express, Oracle Database Server, Oracle Access Manager, Oracle BI Publisher, Oracle Business Intelligence Enterprise Edition, Oracle Directory Server Enterprise Edition, Oracle Exalogic Infrastructure, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle HTTP Server, Oracle JDeveloper, Oracle Portal, Oracle WebCenter Sites, Oracle WebLogic Server, Outside In Technology, Hyperion Financial Reporting, Enterprise Manager Base Platform, Enterprise Manager for Fusion Middleware, Enterprise Manager Ops Center, Oracle E-Business Suite, Oracle Agile Engineering Data Management, Oracle Agile PLM, Oracle Demand Planning, Oracle Engineering Data Management, Oracle Transportation Management, PeopleSoft Enterprise FSCM, PeopleSoft Enterprise PeopleTools, JD Edwards EnterpriseOne Tools, Siebel Applications, Oracle Fusion Applications, Oracle Communications ASAP, Oracle Communications Core Session Manager, Oracle Communications EAGLE Application Processor, Oracle Communications Messaging Server, Oracle Communications Network Charging and Control, Oracle Communications Operations Monitor, Oracle Communications Policy Management, Oracle Communications Session Border Controller, Oracle Communications Unified Session Manager, Oracle Enterprise Communications Broker, Oracle Banking Platform, Oracle Financial Services Lending and Leasing, Oracle FLEXCUBE Direct Banking, Oracle Health Sciences Clinical Development Center, Oracle Health Sciences Information Manager, Oracle Healthcare Analytics Data Integration, Oracle Healthcare Master Person Index, Oracle Documaker, Oracle Insurance Calculation Engine, Oracle Insurance Policy Administration J2EE, Oracle Insurance Rules Palette, MICROS Retail XBRi Loss Prevention, Oracle Retail Central, Oracle Back Office, Oracle Returns Management, Oracle Retail Integration Bus, Oracle Retail Order Broker, Oracle Retail Service Backbone, Oracle Retail Store Inventory Management, Oracle Utilities Framework, Oracle Utilities Network Management System, Oracle Utilities Work and Asset Management, Oracle In-Memory Policy Analytics, Oracle Policy Automation, Oracle Policy Automation Connector for Siebel, Oracle Policy Automation for Mobile Devices, Primavera Contract Management, Primavera P6 Enterprise Project Portfolio Management, Oracle Java SE, Oracle Java SE Embedded, Oracle JRockit, 40G 10G 72/64 Ethernet Switch, Fujitsu M10-1 Servers, Fujitsu M10-4 Servers, Fujitsu M10-4S Servers, ILOM, Oracle Switch ES1-24, Solaris, Solaris Cluster, SPARC Enterprise M3000 Servers, SPARC Enterprise M4000 Servers, SPARC Enterprise M5000 Servers, SPARC Enterprise M8000 Servers, SPARC Enterprise M9000 Servers, Sun Blade 6000 Ethernet Switched NEM 24P 10GE, Sun Data Center InfiniBand Switch 36, Sun Network 10GE Switch 72p, Sun Network QDR InfiniBand Gateway Switch, Oracle Secure Global Desktop, Oracle VM VirtualBox, MySQL Server.
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'Infrastructure' subcomponent is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. 
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201607-0653" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-201607-0653"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201607-0653">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0653", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.1" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.0" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "webcenter sites", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.8" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3.5" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.2.12" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.1.16" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.5.4" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.4.41" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "1.10.0.6.27" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.5" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.7" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.6" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "6.3" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "sun network qdr infiniband gateway switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2" }, { "model": "sun data center infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "362.2.2" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"11.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "siebel applications ip2016", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2015", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2014", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail 
service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "14.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "12.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "primavera contract management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.16.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "10.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.2" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1" }, { "model": "outside in 
technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.48" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.47" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.46" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.45" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.42" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.41" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.40" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql server", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.44" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.43" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.49" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8.1" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.7" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.6" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.5" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "jrockit r28.3.10", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.30" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.24.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.2" }, { "model": "in-memory policy analytics", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "http server 11g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "healthcare analytics data integration", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0.0.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2.8.3" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.1.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.23.0" }, { "model": "fusion 
middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.22.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.10" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.8" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.6" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.5" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.4" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "2290" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.3" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "enterprise manager base 
platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.3" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "documaker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "211.2.0.4" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.0" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9" }, { "model": "communications operations monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.530.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.529.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5.33.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "7.0.5" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "communications eagle application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.1.0.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.5.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.1" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "2.3.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.3.00.08" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "application express", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.43" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.0.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.8" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "db2", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" } ], "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91998" }, { "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "db": "NVD", "id": "CVE-2016-5446" }, { "db": "CNNVD", "id": "CNNVD-201607-810" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5446" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "91787" } ], "trust": 0.3 }, "cve": "CVE-2016-5446", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-5446", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", 
"availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-94265", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-5446", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-5446", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201607-810", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-94265", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-5446", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-94265" }, { "db": "VULMON", "id": "CVE-2016-5446" }, { "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "db": "NVD", "id": "CVE-2016-5446" }, { "db": "CNNVD", "id": "CNNVD-201607-810" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the ILOM component in Oracle 
Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle 
Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027Multiple\u0027 protocol. The \u0027Infrastructure\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. 
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation", "sources": [ { "db": "NVD", "id": "CVE-2016-5446" }, { "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91998" }, { "db": "VULHUB", "id": "VHN-94265" }, { "db": "VULMON", "id": "CVE-2016-5446" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-5446", "trust": 2.9 }, { "db": "BID", "id": "91787", "trust": 1.5 }, { "db": "BID", "id": "91998", "trust": 1.5 }, { "db": "SECTRACK", "id": "1036408", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-003874", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201607-810", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-94265", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-5446", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-94265" }, { "db": "VULMON", "id": "CVE-2016-5446" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91998" }, { "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "db": "NVD", "id": "CVE-2016-5446" }, { "db": "CNNVD", "id": "CNNVD-201607-810" } ] }, "id": "VAR-201607-0653", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-94265" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:52:51.842000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "Oracle Sun Systems Products Suite Infrastructure Subcomponent security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63170" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-5446" }, { "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "db": "CNNVD", "id": "CNNVD-201607-810" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5446" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/91998" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1036408" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5446" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5446" }, 
{ "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx216642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152" } ], "sources": [ { "db": "VULHUB", "id": "VHN-94265" }, { "db": "VULMON", "id": "CVE-2016-5446" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91998" }, { "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "db": "NVD", "id": "CVE-2016-5446" }, { "db": "CNNVD", "id": "CNNVD-201607-810" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-94265" }, { "db": "VULMON", "id": "CVE-2016-5446" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91998" }, { "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "db": "NVD", "id": "CVE-2016-5446" }, { "db": "CNNVD", "id": "CNNVD-201607-810" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-21T00:00:00", "db": "VULHUB", "id": "VHN-94265" }, { "date": "2016-07-21T00:00:00", "db": "VULMON", "id": "CVE-2016-5446" }, { "date": "2016-07-15T00:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91998" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "date": "2016-07-21T10:15:00.757000", "db": "NVD", "id": "CVE-2016-5446" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-810" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-01T00:00:00", "db": "VULHUB", "id": "VHN-94265" }, { "date": "2017-09-01T00:00:00", "db": "VULMON", "id": "CVE-2016-5446" }, { "date": "2018-10-15T09:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91998" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003874" }, { "date": "2017-09-01T01:29:29.413000", "db": "NVD", "id": "CVE-2016-5446" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-810" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91998" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Sun Systems Products Suite of ILOM In Infrastructure Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003874" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91998" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0430">var-200904-0430</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 
8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. Oracle Outside In is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. An attacker can exploit these issues by tricking a victim into opening a specially crafted file with an application using the affected library. Successful exploits will allow arbitrary code to run in the context of the user running the affected application. NOTE: These issues were previously covered in BID 34461 (Oracle April 2009 Critical Patch Update Multiple Vulnerabilities), but have been given their own record to better document them. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I.
The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>iDefense Security Advisory 05.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ May 14, 2009</p> <p>I. BACKGROUND</p> <p>Oracle Corp.'s Outside In Technology is a document conversion engine supporting a large number of binary file formats. Prior to Oracle's acquisition, the software was maintained by Stellent Inc. The software appears to have originated from "QuickView" for Windows 98, but later spun off. It is used by various software packages, one of which is Motorola Inc.'s Good Mobile Messaging Server. For more information, visit the vendors' sites at the URLs provided below. 
</p> <p>http://www.oracle.com/technology/products/content-management/oit/oit_all.html</p> <p>http://www.good.com/corp/index.php</p> <p>II. </p> <p>This vulnerability exists when handling specific records within a specially crafted Microsoft Excel spreadsheet file. Within the vulnerable function, an integer value is read from the file. This value is later used in an arithmetic integer calculation. Since no validation is performed, an integer overflow can occur. This results in the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition. </p> <p>III. ANALYSIS</p> <p>Exploitation of this vulnerability allows attackers to execute arbitrary code. In order to exploit this vulnerability, the attacker must somehow supply a malformed document to an application that will process the document with Outside In Technology. Likewise, the privileges gained will also depend on the software using the library. </p> <p>In the case of Good Mobile Messaging Server, an attacker can send an electronic mail message with an Excel spreadsheet attachment to a user. When the user chooses to view the spreadsheet, the vulnerable condition will be triggered. Upon successful exploitation, the attacker will gain the privileges of the "GoodAdmin" user. This is a special user account which, in some configurations, may be a member of the "Administrator" group. Regardless of the user's "Administrator" status, the user will always have full privileges to "Read" and "Send As" all users on the Microsoft Exchange server. This could allow an attacker to conduct further social engineering attacks. </p> <p>Other software packages using Outside In were not investigated. </p> <p>IV. DETECTION</p> <p>iDefense confirmed the existence of this vulnerability using the following versions of Outside In on Windows Server 2003.
</p> <p>8.1.5.4282 8.1.9.4417 8.2.2.4866 8.3.0.5129</p> <p>Additionally the following versions of Good Mobile Messaging Server for Exchange ship with vulnerable versions of vsxl5.dll. </p> <p>4.9.3.41 5.0.4.28 6.0.0.106</p> <p>All versions of Outside In, including versions for operating systems other than Windows, are assumed to be vulnerable. Additionally, all software that includes or uses Outside In is assumed to be vulnerable. Earlier versions, including those branded with other names, are vulnerable as well. </p> <p>V. WORKAROUND</p> <p>In order to prevent exploitation of this vulnerability, iDefense recommends using file system access control lists (ACLs) to prevent reading the affected module. </p> <p>For Good Mobile Messaging Server, Good Software recommends deleting the GdFileConv.exe file and restarting the Messaging Server. </p> <p>VI. VENDOR RESPONSE</p> <p>Oracle has released a patch which addresses this issue. For more information, consult their advisory at the following URL:</p> <p>http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>Good Technology has released a patch which addresses this issue. For more information, consult their advisory at the following URL:</p> <p>http://www.good.com/faq/18431.html</p> <p>VII. CVE INFORMATION</p> <p>The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-1010 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. </p> <p>VIII. 
DISCLOSURE TIMELINE</p> <p>01/30/2009 - GoodLink contact identified 01/30/2009 - Security contact research begins 02/05/2009 - Oracle contact identified 02/09/2009 - Initial Oracle Reply 02/09/2009 - Initial Vendor Notification 02/10/2009 - Initial GoodLink Reply 02/11/2009 - Oracle validation 02/16/2009 - GoodLink customer alert sent 02/16/2009 - GoodLink validation 02/19/2009 - Oracle requests PoC 02/19/2009 - PoC sent to Oracle 02/25/2009 - GoodLink status update 02/27/2009 - Oracle status update 03/06/2009 - GoodLink status update 04/14/2009 - Oracle patch released 05/13/2009 - CVE Correlation requested from Oracle 05/14/2009 - Coordinated Public Disclosure 05/14/2009 - GoodLink ready for disclosure coordinated with iDefense</p> <p>IX. CREDIT</p> <p>This vulnerability was discovered by Joshua J. Drake, iDefense Labs. </p> <p>Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php</p> <p>Free tools, research and upcoming events http://labs.idefense.com/</p> <p>X. LEGAL NOTICES</p> <p>Copyright © 2009 iDefense, Inc. </p> <p>Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. </p> <p>Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org</p> <p>iD8DBQFKDct2bjs6HoxIfBkRAqJpAKCIaUYcf3oC6AYdo3WwENP3QwNSlACfSdRk V0LVJGcrfJnJc1LF37H8YaA= =fFYX -----END PGP SIGNATURE-----</p> <hr /> <p>Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc.
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0430" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="collapse" id="collapseJsonvar-200904-0430"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0430">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0430", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "8.2.2" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "8.3.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "6.1.5.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "6.0.1.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.1" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.0.0" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.5" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.0" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "8" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.5.3 cf27" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": 
"ibm", "version": "7.0.0.2 cf25" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0.0.1 cf08" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "7" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.0.6 cf27" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "8.3" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "8.2.2" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i 
enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal 
sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": 
"eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic 
server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3.0.5129" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2.4866" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.9.4417" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.5.4282" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "6.0.0.106" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "5.0.4.28" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "4.9.3.41" } ], "sources": [ { "db": "BID", "id": "34461" }, { 
"db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001240" }, { "db": "NVD", "id": "CVE-2009-1010" }, { "db": "CNNVD", "id": "CNNVD-200904-327" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1010" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-327" } ], "trust": 0.6 }, "cve": "CVE-2009-1010", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-1010", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1010", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-327", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2009-1010", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-1010" }, { "db": "JVNDB", "id": "JVNDB-2009-001240" }, { "db": "NVD", "id": 
"CVE-2009-1010" }, { "db": "CNNVD", "id": "CNNVD-200904-327" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. Oracle Outside In is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. \nAn attacker can exploit these issues by tricking a victim into opening a specially crafted file with an application using the affected library. Successful exploits will allow arbitrary code to run in the context of the user running the affected application. \nNOTE: These issues were previously covered in BID 34461 (Oracle April 2009 Critical Patch Update Multiple Vulnerabilities), but have been given their own record to better document them. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. 
See vendor\u0027s\nadvisory for additional details. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\niDefense Security Advisory 05.14.09\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nMay 14, 2009\n\nI. BACKGROUND\n\nOracle Corp.\u0027s Outside In Technology is a document conversion engine\nsupporting a large number of binary file formats. Prior to Oracle\u0027s\nacquisition, the software was maintained by Stellent Inc. 
The software\nappears to have originated from \"QuickView\" for Windows 98, but later\nspun off. It is used by various software packages, one of which is\nMotorola Inc.\u0027s Good Mobile Messaging Server. For more information,\nvisit the vendors\u0027 sites at the URLs provided below. \n\nhttp://www.oracle.com/technology/products/content-management/oit/oit_all.html\n\nhttp://www.good.com/corp/index.php\n\nII. \n\nThis vulnerability exists when handling specific records within a\nspecially crafted Microsoft Excel spreadsheet file. Within the\nvulnerable function, an integer value is read from the file. This value\nis later used in an arithmetic integer calculation. Since no validation\nis performed, an integer overflow can occur. This results in the\nallocation of a buffer that is too small to hold the data that is\nsubsequently read from the file. A heap buffer overflow occurs, leading\nto an exploitable condition. \n\nIII. ANALYSIS\n\nExploitation of this vulnerability allows attackers to execute arbitrary\ncode. In order to exploit this vulnerability, the attacker must somehow\nsupply a malformed document to an application that will process the\ndocument with Outside In Technology. Likewise, the privileges gained\nwill also depend on the software using the library. \n\nIn the case of Good Mobile Messaging Server, an attacker can send an\nelectronic mail message with an Excel spreadsheet attachment to a user. \nWhen the user chooses to view the spreadsheet, the vulnerable condition\nwill be triggered. Upon successful exploitation, the attacker will gain\nthe privileges of the \"GoodAdmin\" user. This is a special user account\nwhich, in some configurations, may be a member of the \"Administrator\"\ngroup. Regardless of the user\u0027s \"Administrator\" status, the user will\nalways have full privileges to \"Read\" and \"Send As\" all users on the\nMicrosoft Exchange server. This could allow an attacker to conduct\nfurther social engineering attacks. 
\n\nOther software packages using Outside In were not investigated. \n\nIV. DETECTION\n\niDefense confirmed the existence of this vulnerability using the follow\nversions of Outside In on Windows Server 2003. \n\n 8.1.5.4282\n 8.1.9.4417\n 8.2.2.4866\n 8.3.0.5129\n\nAdditionally the following versions of Good Mobile Messaging Server for\nExchange ship with vulnerable versions of vsxl5.dll. \n\n 4.9.3.41\n 5.0.4.28\n 6.0.0.106\n\nAll versions of Outside In, including versions for operating systems\nother than Windows, are assumed to be vulnerable. Additionally, all\nsoftware that includes or uses Outside In is assumed to be vulnerable. \nEarlier versions, including those branded with other names, are\nvulnerable as well. \n\nV. WORKAROUND\n\nIn order to prevent exploitation of this vulnerability, iDefense\nrecommends using file system access control lists (ACLs) to prevent\nreading the affected module. \n\nFor Good Mobile Messaging Server, Good Software recommends deleting the\nGdFileConv.exe file and restarting the Messaging Server. \n\nVI. VENDOR RESPONSE\n\nOracle has released a patch which addresses this issue. For more\ninformation, consult their advisory at the following URL:\n\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nGood Technology has released a patch which addresses this issue. For\nmore information, consult their advisory at the following URL:\n\nhttp://www.good.com/faq/18431.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2009-1010 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. 
DISCLOSURE TIMELINE\n\n01/30/2009 - GoodLink contact identified\n01/30/2009 - Security contact research begins\n02/05/2009 - Oracle contact identified\n02/09/2009 - Initial Oracle Reply\n02/09/2009 - Initial Vendor Notification\n02/10/2009 - Initial GoodLink Reply\n02/11/2009 - Oracle validation\n02/16/2009 - GoodLink customer alert sent\n02/16/2009 - GoodLink validation\n02/19/2009 - Oracle requests PoC\n02/19/2009 - PoC sent to Oracle\n02/25/2009 - GoodLink status update\n02/27/2009 - Oracle status update\n03/06/2009 - GoodLink status update\n04/14/2009 - Oracle patch released\n05/13/2009 - CVE Corelation requested from Oracle\n05/14/2009 - Coordinated Public Disclosure\n05/14/2009 - GoodLink ready for disclosure coordinated with iDefense\n\nIX. CREDIT\n\nThis vulnerability was discovered by Joshua J. Drake, iDefense Labs. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \u00a9 2009 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFKDct2bjs6HoxIfBkRAqJpAKCIaUYcf3oC6AYdo3WwENP3QwNSlACfSdRk\nV0LVJGcrfJnJc1LF37H8YaA=\n=fFYX\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1010" }, { "db": "JVNDB", "id": "JVNDB-2009-001240" }, { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "VULMON", "id": "CVE-2009-1010" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77565" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1010", "trust": 3.2 }, { "db": "SECUNIA", "id": "34693", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.6 }, { "db": "OSVDB", "id": "53749", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.4 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001240", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-327", "trust": 0.6 }, { "db": "BID", "id": "34994", "trust": 0.4 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "VULMON", "id": "CVE-2009-1010", "trust": 0.1 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77565", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-1010" }, { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", 
"id": "JVNDB-2009-001240" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77565" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1010" }, { "db": "CNNVD", "id": "CNNVD-200904-327" } ] }, "id": "VAR-200904-0430", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:08:38.898000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "1660640", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "title": "1660774", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660774" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001240" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1010" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.5, "url": "http://osvdb.org/53749" }, { "trust": 2.0, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1010" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1010" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.6, "url": "http://www.oracle.com" }, { "trust": 0.5, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { 
"trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "/archive/1/503487" }, { "trust": 0.3, "url": "/archive/1/503622" }, { "trust": 0.3, "url": "/archive/1/503625" }, { "trust": 0.3, "url": "/archive/1/503624" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": 
"https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/34994" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://www.good.com/corp/index.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1010" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "http://cve.mitre.org/)," }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/" }, { "trust": 0.1, "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/products/content-management/oit/oit_all.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-1010" }, { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001240" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": 
"PACKETSTORM", "id": "77565" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1010" }, { "db": "CNNVD", "id": "CNNVD-200904-327" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2009-1010" }, { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001240" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77565" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1010" }, { "db": "CNNVD", "id": "CNNVD-200904-327" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-15T00:00:00", "db": "VULMON", "id": "CVE-2009-1010" }, { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34994" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001240" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-05-16T18:45:17", "db": "PACKETSTORM", "id": "77565" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.983000", "db": "NVD", "id": "CVE-2009-1010" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-327" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-22T00:00:00", "db": "VULMON", "id": "CVE-2009-1010" }, { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T19:20:00", "db": "BID", "id": "34994" }, { "date": "2014-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001240" }, { "date": 
"2016-11-22T16:23:05.637000", "db": "NVD", "id": "CVE-2009-1010" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-327" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of Outside In Technology Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001240" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0269">var-200904-0269</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-3407. This is a different vulnerability than CVE-2009-0974. The information may be altered by a third party. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. 
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0269" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0269"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0269">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0269", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1.4.2.0" }, { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", 
"version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": 
"8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": 
"eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001243" }, { 
"db": "NVD", "id": "CVE-2009-0983" }, { "db": "CNNVD", "id": "CNNVD-200904-302" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0983" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-302" } ], "trust": 0.6 }, "cve": "CVE-2009-0983", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, 
"impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-0983", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0983", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-302", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001243" }, { "db": "NVD", "id": "CVE-2009-0983" }, { "db": "CNNVD", "id": "CNNVD-200904-302" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-3407. This vulnerability CVE-2009-0974 Is a different vulnerability.The information may be altered by a third party. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0983" }, { "db": "JVNDB", "id": "JVNDB-2009-001243" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0983", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "OSVDB", "id": "53752", "trust": 2.4 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001243", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200904-302", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001243" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0983" }, { "db": "CNNVD", "id": "CNNVD-200904-302" } ] }, "id": "VAR-200904-0269", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:51:04.834000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" }, { "title": "Oracle Application Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156680" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001243" }, { "db": "CNNVD", "id": "CNNVD-200904-302" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0983" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53752" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 
1.6, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0983" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0983" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.7, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": 
"http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001243" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0983" }, { "db": "CNNVD", "id": "CNNVD-200904-302" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001243" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0983" }, { "db": "CNNVD", "id": "CNNVD-200904-302" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001243" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.517000", "db": "NVD", "id": "CVE-2009-0983" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-302" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001243" }, { "date": "2021-07-13T19:07:23.887000", "db": "NVD", "id": "CVE-2009-0983" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", 
"id": "CNNVD-200904-302" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-302" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of Portal Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001243" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-302" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201704-1589">var-201704-1589</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j contains a vulnerability in the deserialization of untrusted data. Information may be obtained or altered, and service operation may be disrupted (DoS). Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. 
An attacker could exploit this vulnerability to execute arbitrary code. Description:</p> <p>Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. </p> <p>This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2017-5645)</p> <ul> <li> <p>A vulnerability was discovered in tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)</p> </li> <li> <p>A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)</p> </li> <li> <p>A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)</p> </li> <li> <p>Solution:</p> </li> </ul> <p>Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). 
Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used 1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs JWS-667 - Subject incorrectly removed from user session JWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain JWS-709 - RPM missing selinux-policy dependency JWS-716 - Backport 60087 for Tomcat 8 JWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites JWS-721 - CORS filter Vary header missing JWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2 JWS-741 - Configurations in conf.d are not applied JWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar's manifest file</p> <ol> <li>(CVE-2017-7525)</li> </ol> <p>Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). Description:</p> <p>The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). (CVE-2017-5645)</p> <ul> <li> <p>A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)</p> </li> <li> <p>It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information. 
(CVE-2015-6644)</p> </li> <li> <p>It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. (CVE-2017-2582)</p> </li> <li> <p>It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). JIRA issues fixed (https://issues.jboss.org/):</p> </li> </ul> <p>JBEAP-11487 - jboss-ec2-eap for EAP 7.0.8</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</li> </ol> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: rh-java-common-log4j security update Advisory ID: RHSA-2017:1417-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:1417 Issue date: 2017-06-08 CVE Names: CVE-2017-5645 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for rh-java-common-log4j is now available for Red Hat Software Collections. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 
</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>Log4j is a tool to help the programmer output log statements to a variety of output targets. (CVE-2017-5645)</p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):</p> <p>Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm</p> <p>noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):</p> <p>Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm</p> <p>noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6):</p> <p>Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm</p> <p>noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm</p> <p>noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):</p> <p>Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm</p> <p>noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm</p> <p>noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2017-5645 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2017 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf ceYEsokMPo3LCY/99DiysrI= =wZ5c -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201704-1589" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201704-1589"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201704-1589">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1589", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.4.7" }, { "model": "bi publisher", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications converged application server - service controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.1" }, { "model": "in-memory performance-driven planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2" }, { "model": "siebel ui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.7" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "retail service backbone", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "enterprise manager for peoplesoft", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.1.1" }, { "model": "financial services loan loss forecasting and provisioning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.5" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.5" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.0" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.10" }, { "model": "retail advanced inventory planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.1" }, { "model": "retail extract transform and load", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.8" }, { "model": "bi publisher", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4" }, { "model": "communications webrtc session controller", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.2" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.7" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "insurance 
policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "communications interactive session recorder", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "6.0" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0.1.0" }, { "model": "communications messaging server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0" }, { "model": "bi publisher", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.3.3.0.0" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1" }, { "model": "soa suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "in-memory performance-driven planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.4.7" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.6" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.8131" }, { "model": "financial services lending and leasing", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications online mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.1" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "instantis enterprisetrack", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "fusion middleware mapviewer", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.2" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.3" }, { "model": "financial services loan loss forecasting and provisioning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.4" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.7" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "identity management suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.3.0" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.2.1.1" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1" }, { "model": "tape library acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "8.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "enterprise manager for oracle database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.8" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "communications network integrity", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.3.6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "financial services behavior detection platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise manager for peoplesoft", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.1.1.1" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.1.1" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.0.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.2.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.4" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.6" }, { "model": "siebel ui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.9" }, { "model": "financial services hedge management and ifrs valuations", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "8.0.5" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "instantis enterprisetrack", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.1" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.3" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0.0" }, { "model": "autovue vuelink integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.1" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "configuration manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.2.0.5" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "retail extract transform and load", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise manager for oracle database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.2" }, { "model": "identity management suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.4" }, { "model": "policy automation 
for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "retail advanced inventory planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.3.0" }, { "model": "financial services hedge management and ifrs valuations", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.4" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.4.7.4297" }, { "model": "financial services lending and leasing", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "14.8.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "identity manager connector", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2" }, { "model": "storage automation store", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.2" }, { "model": "financial services behavior detection platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.4.0.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": 
"communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1" }, { "model": "soa suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.8.2" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.9" }, { "model": "api gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0" }, { "model": "enterprise manager for mysql database", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "13.2.2.0.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.2.11" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.7" }, { "model": "rapid planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2" }, { "model": "peoplesoft enterprise fin install", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "financial services lending and leasing", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "14.1.0" }, { "model": "oncommand api services", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise data quality", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "soa suite", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "identity analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.5.8" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "autovue vuelink integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0" }, { "model": "financial services profitability management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.0.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.7" }, { "model": "mysql enterprise monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.0.0.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.0" }, { "model": "communications service broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "timesten in-memory database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.2.8.49" }, { "model": "fuse", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.9.1.2.12" }, { "model": "retail clearance optimization engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.5" }, { "model": "siebel ui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "mysql 
enterprise monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.4.0.0" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.10" }, { "model": "retail extract transform and load", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.1" }, { "model": "configuration manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.2.0.2" }, { "model": "utilities advanced spatial and operational analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0.1" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.8" }, { "model": "financial services profitability management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.1.1" }, { "model": "rapid planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1" }, { "model": "communications interactive session recorder", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "6.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.4.6" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "policy automation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.9" }, { "model": "financial services profitability management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0.0" }, { "model": "financial 
services regulatory reporting with agilereporter", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.9.2.0" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.3.3.0.2" }, { "model": "goldengate", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.2.1.1" }, { "model": "mysql enterprise monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.0.4.5235" }, { "model": "communications network integrity", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.3.2" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0" }, { "model": "fusion middleware mapviewer", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3" }, { "model": "retail extract transform and load", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" }, { "model": "log4j", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.8.2" }, { "model": "log4j", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "2.x" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "db": "NVD", "id": "CVE-2017-5645" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.8.2", "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.2.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.0.8131", "versionStartIncluding": "8.0.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.0.4.5235", "versionStartIncluding": "4.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.4.7.4297", "versionStartIncluding": "3.4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.7.0.0", "versionStartIncluding": "8.0.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.4.0.0", "versionStartIncluding": "8.0.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.7.0.0", "versionStartIncluding": "8.0.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.3.0.2", "versionStartIncluding": "7.3.3.0.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.3", "versionStartIncluding": "17.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.2.11", "versionStartIncluding": "16.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.8.0", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.6", "versionStartIncluding": "7.3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.7", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2", "versionStartIncluding": "6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate:12.3.2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-5645" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "143499" }, { "db": "PACKETSTORM", "id": "144014" }, { "db": "PACKETSTORM", "id": "144019" }, { "db": "PACKETSTORM", "id": "144013" }, { "db": "PACKETSTORM", "id": "143500" }, { "db": "PACKETSTORM", 
"id": "144017" }, { "db": "PACKETSTORM", "id": "144359" }, { "db": "PACKETSTORM", "id": "142856" } ], "trust": 0.8 }, "cve": "CVE-2017-5645", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-5645", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", 
"baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-113848", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-5645", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-5645", "trust": 1.8, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-113848", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-113848" }, { "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "db": "NVD", "id": "CVE-2017-5645" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. 
Apache Log4j contains a vulnerability in the deserialization of untrusted data. An attack may result in information being obtained or altered, and in disruption of service operation (DoS). Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. An attacker could exploit this vulnerability to execute arbitrary code. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a\nreplacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which\nare documented in the Release Notes document linked to in the References. (CVE-2017-5645)\n\n* A vulnerability was discovered in tomcat\u0027s handling of pipelined requests\nwhen \"Sendfile\" was used. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. (CVE-2017-5664)\n\n* A vulnerability was discovered in tomcat. When running an untrusted\napplication under a SecurityManager it was possible, under some\ncircumstances, for that application to retain references to the request or\nresponse objects and thereby access and/or modify information associated\nwith another web application. (CVE-2017-5648)\n\n4. 
Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used\n1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs\nJWS-667 - Subject incorrectly removed from user session\nJWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain\nJWS-709 - RPM missing selinux-policy dependency\nJWS-716 - Backport 60087 for Tomcat 8\nJWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites\nJWS-721 - CORS filter Vary header missing\nJWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2\nJWS-741 - Configurations in conf.d are not applied\nJWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar\u0027s manifest file\n\n7. \n(CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting\nCVE-2017-7525. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nThe eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss\nEnterprise Application Platform running on the Amazon Web Services (AWS)\nElastic Compute Cloud (EC2). (CVE-2017-5645)\n\n* A vulnerability was found in Jasypt that would allow an attacker to\nperform a timing attack on password hash comparison. 
(CVE-2014-9970)\n\n* It was found that an information disclosure flaw in Bouncy Castle could\nenable a local malicious application to gain access to user\u0027s private\ninformation. (CVE-2015-6644)\n\n* It was found that while parsing the SAML messages the StaxParserUtil\nclass of Picketlink replaces special strings for obtaining attribute values\nwith system property. This could allow an attacker to determine values of\nsystem properties at the attacked system by formatting the SAML request ID\nfield to be the chosen system property which could be obtained in the\n\"InResponseTo\" field in the response. (CVE-2017-2582)\n\n* It was found that when the security manager\u0027s reflective permissions,\nwhich allows it to access the private members of the class, are granted to\nHibernate Validator, a potential privilege escalation can occur. By\nallowing the calling code to access those private members without the\npermission an attacker may be able to validate an invalid instance and\naccess the private member value via ConstraintViolation#getInvalidValue(). JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-11487 - jboss-ec2-eap for EAP 7.0.8\n\n7. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-java-common-log4j security update\nAdvisory ID: RHSA-2017:1417-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1417\nIssue date: 2017-06-08\nCVE Names: CVE-2017-5645 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-java-common-log4j is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. 
A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nLog4j is a tool to help the programmer output log statements to a variety\nof output targets. (CVE-2017-5645)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-5645\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf\nceYEsokMPo3LCY/99DiysrI=\n=wZ5c\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2017-5645" }, { "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "db": "VULHUB", "id": "VHN-113848" }, { "db": "PACKETSTORM", "id": "143499" }, { "db": "PACKETSTORM", "id": "144014" }, { "db": "PACKETSTORM", "id": "144019" }, { "db": "PACKETSTORM", "id": "144013" }, { "db": "PACKETSTORM", "id": "143500" }, { "db": "PACKETSTORM", "id": "144017" }, { "db": "PACKETSTORM", "id": "144359" }, { "db": "PACKETSTORM", "id": "142856" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-5645", "trust": 2.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2019/12/19/2", "trust": 1.1 }, { "db": "SECTRACK", "id": "1041294", "trust": 1.1 }, { "db": "SECTRACK", "id": "1040200", "trust": 1.1 }, { "db": "BID", "id": "97702", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2017-003152", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "143500", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "144014", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "144013", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "144017", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143499", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "144019", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "142856", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "145263", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144018", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143670", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144597", "trust": 0.1 }, { "db": "PACKETSTORM", "id": 
"144596", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145262", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201704-852", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-92965", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-113848", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144359", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113848" }, { "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "db": "PACKETSTORM", "id": "143499" }, { "db": "PACKETSTORM", "id": "144014" }, { "db": "PACKETSTORM", "id": "144019" }, { "db": "PACKETSTORM", "id": "144013" }, { "db": "PACKETSTORM", "id": "143500" }, { "db": "PACKETSTORM", "id": "144017" }, { "db": "PACKETSTORM", "id": "144359" }, { "db": "PACKETSTORM", "id": "142856" }, { "db": "NVD", "id": "CVE-2017-5645" } ] }, "id": "VAR-201704-1589", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-113848" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:55:11.835000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "LOG4J2-1863", "trust": 0.8, "url": "https://issues.apache.org/jira/browse/log4j2-1863" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003152" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113848" }, { "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "db": "NVD", "id": "CVE-2017-5645" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", 
"data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5645" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:1417" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:1801" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:2633" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:2635" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:2636" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:2638" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:2811" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/97702" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.1, "url": "https://issues.apache.org/jira/browse/log4j2-1863" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20180726-0002/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20181107-0002/" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.1, "url": 
"https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2019/12/19/2" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:1802" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:2423" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:2637" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:2808" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:2809" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:2810" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:2888" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:2889" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:3244" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:3399" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:3400" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:1545" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1040200" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1041294" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3cdev.logging.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3cannounce.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3cdev.logging.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3cissues.beam.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3cgithub.beam.apache.org%3e" }, { "trust": 1.0, 
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3cgithub.beam.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3cgithub.beam.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3cdev.tika.apache.org%3e" }, { 
"trust": 1.0, "url": "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3ccommits.logging.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3cgithub.beam.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3ccommits.doris.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3cgithub.beam.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3cdev.tika.apache.org%3e" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5645" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2017-5645" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2017-5664" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2017-7525" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525" }, { "trust": 0.4, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform?version=6.4/" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-5647" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5648" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-5648" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3cissues.activemq.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3cannounce.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3cgithub.beam.apache.org%3e" }, { 
"trust": 0.1, "url": "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3cgithub.beam.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3cgithub.beam.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3cgithub.beam.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3cgithub.beam.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3cissues.beam.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3ccommits.doris.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3ccommits.logging.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3cdev.logging.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3cdev.logging.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3cdev.logging.apache.org%3e" }, { "trust": 
0.1, "url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3cdev.tika.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.1_release_notes/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/vulnerabilities/httpoxy" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=3.1" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2017-1802.html" }, { "trust": 0.1, "url": "https://access.redhat.com/solutions/2435491" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7536" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-6644" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7536" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9970" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6644" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9970" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2582" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-2582" } ], "sources": [ { "db": "VULHUB", "id": "VHN-113848" }, { "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "db": "PACKETSTORM", "id": "143499" }, { "db": "PACKETSTORM", "id": "144014" }, { "db": "PACKETSTORM", "id": "144019" }, { "db": "PACKETSTORM", "id": "144013" }, { "db": "PACKETSTORM", "id": "143500" }, { "db": "PACKETSTORM", "id": "144017" }, { "db": "PACKETSTORM", "id": "144359" }, { "db": "PACKETSTORM", "id": "142856" }, { "db": "NVD", "id": "CVE-2017-5645" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": 
"@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-113848" }, { "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "db": "PACKETSTORM", "id": "143499" }, { "db": "PACKETSTORM", "id": "144014" }, { "db": "PACKETSTORM", "id": "144019" }, { "db": "PACKETSTORM", "id": "144013" }, { "db": "PACKETSTORM", "id": "143500" }, { "db": "PACKETSTORM", "id": "144017" }, { "db": "PACKETSTORM", "id": "144359" }, { "db": "PACKETSTORM", "id": "142856" }, { "db": "NVD", "id": "CVE-2017-5645" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-04-17T00:00:00", "db": "VULHUB", "id": "VHN-113848" }, { "date": "2017-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "date": "2017-07-25T23:14:47", "db": "PACKETSTORM", "id": "143499" }, { "date": "2017-09-05T23:44:00", "db": "PACKETSTORM", "id": "144014" }, { "date": "2017-09-06T04:16:42", "db": "PACKETSTORM", "id": "144019" }, { "date": "2017-09-05T23:23:00", "db": "PACKETSTORM", "id": "144013" }, { "date": "2017-07-25T23:15:33", "db": "PACKETSTORM", "id": "143500" }, { "date": "2017-09-06T04:16:30", "db": "PACKETSTORM", "id": "144017" }, { "date": "2017-09-27T06:16:15", "db": "PACKETSTORM", "id": "144359" }, { "date": "2017-06-08T14:39:46", "db": "PACKETSTORM", "id": "142856" }, { "date": "2017-04-17T21:59:00.373000", "db": "NVD", "id": "CVE-2017-5645" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-20T00:00:00", "db": "VULHUB", "id": "VHN-113848" }, { "date": "2017-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-003152" }, { "date": "2023-11-07T02:49:28.583000", "db": "NVD", "id": "CVE-2017-5645" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "144014" }, { "db": "PACKETSTORM", "id": "144019" }, { "db": "PACKETSTORM", "id": "144013" }, { "db": "PACKETSTORM", "id": "144017" }, { "db": "PACKETSTORM", "id": "142856" } ], "trust": 0.5 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j Vulnerable to unreliable data deserialization", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003152" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "144014" }, { "db": "PACKETSTORM", "id": "144019" }, { "db": "PACKETSTORM", "id": "144013" }, { "db": "PACKETSTORM", "id": "144017" }, { "db": "PACKETSTORM", "id": "142856" } ], "trust": 0.5 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0265">var-200904-0265</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. 
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>Team SHATTER Security Advisory</p> <p>Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter</p> <p>August 27, 2009</p> <p>Risk Level: Medium</p> <p>Affected versions: Oracle Database Server version 9iR1 and 9iR2</p> <p>Remote exploitable: Yes (Authentication to Database Server is needed)</p> <p>Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. </p> <p>Details: The plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When passing an overly long plan name string a buffer can be overflowed. </p> <p>Impact: To exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process. </p> <p>Vendor Status: Vendor was contacted and a patch was released. </p> <p>Workaround: Restrict ALTER SYSTEM privilege. 
</p> <p>CVE: CVE-2009-0979</p> <p>Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html</p> <p>Timeline: Vendor Notification - 8/15/2007 Fix - 07/14/2009 Public Disclosure - 08/07/2009</p> <p>Application Security, Inc's database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. 
</p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0265" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0265"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0265">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0265", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 9i", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2.0.8" }, { "model": "database 9i", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2.0.8dv" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.8" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.8dv" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": 
"oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": 
"systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": 
"oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001219" }, { "db": "NVD", "id": "CVE-2009-0979" }, { "db": "CNNVD", "id": "CNNVD-200904-298" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": 
"@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0979" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-298" } ], "trust": 0.6 }, "cve": "CVE-2009-0979", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", 
"version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2009-0979", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0979", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-298", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001219" }, { "db": "NVD", "id": "CVE-2009-0979" }, { "db": "CNNVD", "id": "CNNVD-200904-298" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTeam SHATTER Security Advisory\n\nBuffer Overflow in Resource Manager of Oracle Database - Plan name parameter\n\nAugust 27, 2009\n\nRisk Level:\nMedium\n\nAffected versions:\nOracle Database Server version 9iR1 and 9iR2\n\nRemote exploitable:\nYes (Authentication to Database Server is needed)\n\nCredits:\nThis vulnerability was discovered and researched by Esteban Mart\u00ednez Fay\u00f3 of Application Security Inc. \n\nDetails:\nThe plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When passing an overly long plan name string a buffer can be overflowed. \n\nImpact:\nTo exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process. \n\nVendor Status:\nVendor was contacted and a patch was released. \n\nWorkaround:\nRestrict ALTER SYSTEM privilege. \n\nCVE:\nCVE-2009-0979\n\nLinks:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html\n\nTimeline:\nVendor Notification - 8/15/2007\nFix - 07/14/2009\nPublic Disclosure - 08/07/2009\n\nApplication Security, Inc\u0027s database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0979" }, { "db": "JVNDB", "id": "JVNDB-2009-001219" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "80768" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0979", "trust": 2.8 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001219", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-298", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "80768", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001219" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "80768" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0979" }, { "db": "CNNVD", "id": "CNNVD-200904-298" } ] }, "id": "VAR-200904-0265", 
"iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:57:13.527000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001219" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0979" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { 
"trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0979" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0979" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0979" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001219" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "80768" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0979" }, { "db": "CNNVD", "id": "CNNVD-200904-298" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001219" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "80768" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0979" }, { "db": "CNNVD", "id": "CNNVD-200904-298" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001219" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-08-28T23:14:37", "db": "PACKETSTORM", "id": "80768" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.437000", "db": "NVD", "id": "CVE-2009-0979" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-298" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { 
"@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001219" }, { "date": "2012-10-23T03:04:24.337000", "db": "NVD", "id": "CVE-2009-0979" }, { "date": "2009-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-298" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-298" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Resource Manager Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001219" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-298" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0431">var-200904-0431</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. 
Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. Oracle Outside In is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. An attacker can exploit these issues by tricking a victim into opening a specially crafted file with an application using the affected library. Successful exploits will allow arbitrary code to run in the context of the user running the affected application. NOTE: These issues were previously covered in BID 34461 (Oracle April 2009 Critical Patch Update Multiple Vulnerabilities), but have been given their own record to better document them. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>I. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. 
If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>iDefense Security Advisory 05.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ May 14, 2009</p> <p>I. BACKGROUND</p> <p>Oracle Corp.'s Outside In Technology is a document conversion engine supporting a large number of binary file formats. Prior to Oracle's acquisition, the software was maintained by Stellent Inc. The software appears to have originated from "QuickView" for Windows 98, but later spun off. It is used by various software packages, one of which is Motorola Inc.'s Good Mobile Messaging Server. For more information, visit the vendors' sites at the URLs provided below. </p> <p>http://www.oracle.com/technology/products/content-management/oit/oit_all.html</p> <p>http://www.good.com/corp/index.php</p> <p>II. 
DESCRIPTION</p> <p>Remote exploitation of multiple integer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows an attacker to execute arbitrary code. </p> <p>These vulnerabilities exist in the handling of an optional data stream stored within various files. Both issues are integer overflows, and are within the same function. </p> <p>Within the vulnerable function, an integer value is read from the Microsoft Office file. This value is later used in several arithmetic integer calculations. Since no validation is performed, integer overflows can occur. The result is the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition. </p> <p>III. ANALYSIS</p> <p>Exploitation of these vulnerabilities allows attackers to execute arbitrary code. In order to exploit these vulnerabilities, the attacker must somehow supply a malformed document to an application that will process the document with Outside In Technology. Likewise, the privileges gained will also depend on the software using the library. </p> <p>In the case of Good Mobile Messaging Server, an attacker can send an electronic mail message with a specially crafted Office document attachment to a user. When the user chooses to view the document, the vulnerable condition will be triggered. Upon successful exploitation, the attacker will gain the privileges of the "GoodAdmin" user. This is a special user account which, in some configurations, may be a member of the "Administrator" group. Regardless of the user's "Administrator" status, the user will always have full privileges to "Read" and "Send As" all users on the Microsoft Exchange server. This could allow an attacker to conduct further social engineering attacks. </p> <p>Other software packages using Outside In were not investigated. </p> <p>IV. 
DETECTION</p> <p>iDefense confirmed the existence of these vulnerabilities using the following versions of Outside In on Windows Server 2003. Multiple modules were confirmed to contain the vulnerable code; vsmpp, vspp97, vsvisio, vsw6, vsw97, vsxl5. Other modules may also be affected. </p> <p>8.1.5.4282 8.1.9.4417 8.2.2.4866 8.3.0.5129</p> <p>Additionally the following versions of Good Mobile Messaging Server for Exchange ship with vulnerable versions of the affected modules. </p> <p>4.9.3.41 5.0.4.28 6.0.0.106</p> <p>All versions of Outside In, including versions for operating systems other than Windows, are assumed to be vulnerable. Additionally, all software that includes or uses Outside In is assumed to be vulnerable. Earlier versions, including those branded with other names, are vulnerable as well. </p> <p>V. WORKAROUND</p> <p>In order to prevent exploitation of this vulnerability, iDefense recommends using file system access control lists (ACLs) to prevent reading the affected modules. </p> <p>For Good Mobile Messaging Server, Good Software recommends deleting the GdFileConv.exe file and restarting the Messaging Server. </p> <p>VI. VENDOR RESPONSE</p> <p>Oracle has released a patch which addresses this issue. For more information, consult their advisory at the following URL:</p> <p>http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>Good Technology has released a patch which addresses this issue. For more information, consult their advisory at the following URL:</p> <p>http://www.good.com/faq/18431.html</p> <p>VII. CVE INFORMATION</p> <p>The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-1011 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. </p> <p>VIII. 
DISCLOSURE TIMELINE</p> <p>01/30/2009 - GoodLink contact identified 01/30/2009 - Security contact research begins 02/05/2009 - Oracle contact identified 02/09/2009 - Initial Oracle Reply 02/09/2009 - Initial Vendor Notification 02/10/2009 - Initial GoodLink Reply 02/11/2009 - Oracle validation 02/16/2009 - GoodLink customer alert sent 02/16/2009 - GoodLink validation 02/19/2009 - Oracle requests PoC 02/19/2009 - PoC sent to Oracle 02/25/2009 - GoodLink status update 02/27/2009 - Oracle status update 03/06/2009 - GoodLink status update 04/14/2009 - Oracle patch released 05/13/2009 - CVE Correlation requested from Oracle 05/14/2009 - Coordinated Public Disclosure 05/14/2009 - GoodLink ready for disclosure coordinated with iDefense</p> <p>IX. CREDIT</p> <p>This vulnerability was discovered by Joshua J. Drake, iDefense Labs. </p> <p>Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php</p> <p>Free tools, research and upcoming events http://labs.idefense.com/</p> <p>X. LEGAL NOTICES</p> <p>Copyright © 2009 iDefense, Inc. </p> <p>Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. </p> <p>Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org</p> <p>iD8DBQFKDci2bjs6HoxIfBkRAgoMAJ9LZYN8mlXP7dHp866JUjOllL/2igCfYTU/ xIe37mYPMzb4hra6BAUZrn8= =az7z -----END PGP SIGNATURE-----</p> <hr /> <p>Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0431" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0431"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0431">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0431", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "8.2.2" }, { "model": "application server", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "8.3.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.1" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.0.0" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.5" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.0" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "8" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.5.3 cf27" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0.0.2 cf25" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0.0.1 cf08" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "7" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.0.6 cf27" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "8.3" }, { "model": "outside in sdk html export", "scope": 
"eq", "trust": 0.6, "vendor": "oracle", "version": "8.2.2" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" 
}, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, 
"vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3.0.5129" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2.4866" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.9.4417" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.5.4282" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "6.0.0.106" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "5.0.4.28" }, { "model": "mobile messaging server for exchange", "scope": "eq", "trust": 0.3, "vendor": "good", "version": "4.9.3.41" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001241" }, { "db": "NVD", "id": "CVE-2009-1011" }, { "db": "CNNVD", "id": "CNNVD-200904-328" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1011" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-328" } ], "trust": 0.6 }, "cve": "CVE-2009-1011", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": 
"CVE-2009-1011", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1011", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-328", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001241" }, { "db": "NVD", "id": "CVE-2009-1011" }, { "db": "CNNVD", "id": "CNNVD-200904-328" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. Oracle Outside In is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. 
\nAn attacker can exploit these issue by tricking a victim into opening a specially crafted file with an application using the affected library. Successful exploits will allow arbitrary code to run in the context of the user running the affected application. \nNOTE: These issues were previously covered in BID 34461 (Oracle April 2009 Critical Patch Update Multiple Vulnerabilities), but have been given their own record to better document them. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\n\nI. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. 
\n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\niDefense Security Advisory 05.14.09\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nMay 14, 2009\n\nI. BACKGROUND\n\nOracle Corp.\u0027s Outside In Technology is a document conversion engine\nsupporting a large number of binary file formats. Prior to Oracle\u0027s\nacquisition, the software was maintained by Stellent Inc. The software\nappears to have originated from \"QuickView\" for Windows 98, but later\nspun off. It is used by various software packages, one of which is\nMotorola Inc.\u0027s Good Mobile Messaging Server. For more information,\nvisit the vendors\u0027 sites at the URLs provided below. \n\nhttp://www.oracle.com/technology/products/content-management/oit/oit_all.html\n\nhttp://www.good.com/corp/index.php\n\nII. DESCRIPTION\n\nRemote exploitation of multiple integer overflow vulnerabilities in\nOracle Corp.\u0027s Outside In Technology, as included in various vendors\u0027\nsoftware distributions, allows attacker to execute arbitrary code. \n\nThese vulnerabilities exist in the handling of an optional data stream\nstored within various files. Both issues are integer overflows, and are\nwithin the same function. \n\nWithin the vulnerable function, an integer value is read from the\nMicrosoft Office file. This value is later used in several arithmetic\ninteger calculations. Since no validation is performed, integer\noverflows can occur. The result is the allocation of a buffer that is\ntoo small to hold the data that is subsequently read from the file. A\nheap buffer overflow occurs, leading to an exploitable condition. \n\nIII. 
ANALYSIS\n\nExploitation of these vulnerabilities allows attackers to execute\narbitrary code. In order to exploit these vulnerabilities, the attacker\nmust somehow supply a malformed document to an application that will\nprocess the document with Outside In Technology. Likewise, the\nprivileges gained will also depend on the software using the library. \n\nIn the case of Good Mobile Messaging Server, an attacker can send an\nelectronic mail message with a specially crafted Office document\nattachment to a user. When the user chooses to view the document, the\nvulnerable condition will be triggered. Upon successful exploitation,\nthe attacker will gain the privileges of the \"GoodAdmin\" user. This is\na special user account which, in some configurations, may be a member\nof the \"Administrator\" group. Regardless of the user\u0027s \"Administrator\"\nstatus, the user will always have full privileges to \"Read\" and \"Send\nAs\" all users on the Microsoft Exchange server. This could allow an\nattacker to conduct further social engineering attacks. \n\nOther software packages using Outside In were not investigated. \n\nIV. DETECTION\n\niDefense confirmed the existence of these vulnerabilities using the\nfollow versions of Outside In on Windows Server 2003. Multiple modules\nwere confirmed to contain the vulnerable code; vsmpp, vspp97, vsvisio,\nvsw6, vsw97, vsxl5. Other modules may also be affected. \n\n 8.1.5.4282\n 8.1.9.4417\n 8.2.2.4866\n 8.3.0.5129\n\nAdditionally the following versions of Good Mobile Messaging Server for\nExchange ship with vulnerable versions of the affected modules. \n\n 4.9.3.41\n 5.0.4.28\n 6.0.0.106\n\nAll versions of Outside In, including versions for operating systems\nother than Windows, are assumed to be vulnerable. Additionally, all\nsoftware that includes or uses Outside In is assumed to be vulnerable. \nEarlier versions, including those branded with other names, are\nvulnerable as well. \n\nV. 
WORKAROUND\n\nIn order to prevent exploitation of this vulnerability, iDefense\nrecommends using file system access control lists (ACLs) to prevent\nreading the affected modules. \n\nFor Good Mobile Messaging Server, Good Software recommends deleting the\nGdFileConv.exe file and restarting the Messaging Server. \n\nVI. VENDOR RESPONSE\n\nOracle has released a patch which addresses this issue. For more\ninformation, consult their advisory at the following URL:\n\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nGood Technology has released a patch which addresses this issue. For\nmore information, consult their advisory at the following URL:\n\nhttp://www.good.com/faq/18431.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2009-1011 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n01/30/2009 - GoodLink contact identified\n01/30/2009 - Security contact research begins\n02/05/2009 - Oracle contact identified\n02/09/2009 - Initial Oracle Reply\n02/09/2009 - Initial Vendor Notification\n02/10/2009 - Initial GoodLink Reply\n02/11/2009 - Oracle validation\n02/16/2009 - GoodLink customer alert sent\n02/16/2009 - GoodLink validation\n02/19/2009 - Oracle requests PoC\n02/19/2009 - PoC sent to Oracle\n02/25/2009 - GoodLink status update\n02/27/2009 - Oracle status update\n03/06/2009 - GoodLink status update\n04/14/2009 - Oracle patch released\n05/13/2009 - CVE Corelation requested from Oracle\n05/14/2009 - Coordinated Public Disclosure\n05/14/2009 - GoodLink ready for disclosure coordinated with iDefense\n\nIX. CREDIT\n\nThis vulnerability was discovered by Joshua J. Drake, iDefense Labs. 
\n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2009 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFKDci2bjs6HoxIfBkRAgoMAJ9LZYN8mlXP7dHp866JUjOllL/2igCfYTU/\nxIe37mYPMzb4hra6BAUZrn8=\n=az7z\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. 
\n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1011" }, { "db": "JVNDB", "id": "JVNDB-2009-001241" }, { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77564" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1011", "trust": 3.1 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "OSVDB", "id": "53750", "trust": 2.4 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001241", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "IDEFENSE", "id": "20090515 MULTIPLE VENDOR OUTSIDE IN MULTIPLE INTEGER OVERFLOW VULNERABILITIES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-328", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "BID", "id": "34994", "trust": 0.3 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77564", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": 
[ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001241" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77564" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1011" }, { "db": "CNNVD", "id": "CNNVD-200904-328" } ] }, "id": "VAR-200904-0431", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:13:58.959000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "1660640", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "title": "1660774", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660774" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001241" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1011" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53750" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 2.0, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1011" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1011" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.6, "url": "http://www.oracle.com" }, { "trust": 0.5, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.4, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.4, "url": 
"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "/archive/1/503487" }, { "trust": 0.3, "url": "/archive/1/503622" }, { "trust": 0.3, "url": "/archive/1/503625" }, { "trust": 0.3, "url": "/archive/1/503624" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": 
"http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://www.good.com/corp/index.php" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "http://cve.mitre.org/)," }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/" }, { "trust": 0.1, "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/products/content-management/oit/oit_all.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1011" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001241" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77564" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", 
"id": "CVE-2009-1011" }, { "db": "CNNVD", "id": "CNNVD-200904-328" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" }, { "db": "JVNDB", "id": "JVNDB-2009-001241" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "77564" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1011" }, { "db": "CNNVD", "id": "CNNVD-200904-328" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34994" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001241" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-05-16T18:42:37", "db": "PACKETSTORM", "id": "77564" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:01", "db": "NVD", "id": "CVE-2009-1011" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-328" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T19:20:00", "db": "BID", "id": "34994" }, { "date": "2014-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001241" }, { "date": "2014-01-14T03:46:08.537000", "db": "NVD", "id": "CVE-2009-1011" }, { "date": "2009-06-04T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-328" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of Outside In Technology Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001241" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "34461" }, { "db": "BID", "id": "34994" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0267">var-200904-0267</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system.
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc.
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third-party patches, only use those supplied by the vendor.
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0267" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0267"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0267">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0267", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" 
}, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001232" }, { "db": "NVD", "id": "CVE-2009-0981" }, { "db": "CNNVD", "id": "CNNVD-200904-300" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:a:oracle:database_11g:11.1.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0981" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-300" } ], "trust": 0.6 }, "cve": "CVE-2009-0981", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0981", "impactScore": null, 
"integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0981", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-300", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001232" }, { "db": "NVD", "id": "CVE-2009-0981" }, { "db": "CNNVD", "id": "CNNVD-200904-300" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. 
\n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0981" }, { "db": "JVNDB", "id": "JVNDB-2009-001232" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0981", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "OSVDB", "id": "53738", "trust": 2.4 }, { "db": "EXPLOIT-DB", "id": "8456", "trust": 1.6 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001232", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20090416 UNPRIVILEGED DB USERS CAN SEE APEX PASSWORD HASHES", "trust": 0.6 }, { "db": "MILW0RM", "id": "8456", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-300", "trust": 0.6 }, { "db": "ZDI", "id": 
"ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001232" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0981" }, { "db": "CNNVD", "id": "CNNVD-200904-300" } ] }, "id": "VAR-200904-0267", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:59:06.903000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001232" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0981" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53738" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 2.0, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/502724/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.0, "url": "https://www.exploit-db.com/exploits/8456" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0981" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0981" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/502724/100/0/threaded" }, { "trust": 0.6, "url": "http://www.milw0rm.com/exploits/8456" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { 
"trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": 
"http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001232" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0981" }, { "db": "CNNVD", "id": "CNNVD-200904-300" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001232" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0981" }, { "db": "CNNVD", "id": "CNNVD-200904-300" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001232" }, { "date": 
"2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.467000", "db": "NVD", "id": "CVE-2009-0981" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-300" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001232" }, { "date": "2018-10-10T19:32:41.207000", "db": "NVD", "id": "CVE-2009-0981" }, { "date": "2009-06-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-300" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-300" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Application Express Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001232" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-300" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201607-0655">var-201607-0655</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a 
href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration 
Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'SNMP' protocol. The 'SNMP' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service. 
Affect data integrity and availability</p></p>
<div class="collapse" id="collapseJsonvar-201607-0655"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201607-0655">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0655", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.1" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.0" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "webcenter sites", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.8" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3.5" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.2.12" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.1.16" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.5.4" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.4.41" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "1.10.0.6.27" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.5" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.7" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.6" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "6.3" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "sun network qdr infiniband gateway switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2" }, { "model": "sun data center infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "362.2.2" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"11.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "siebel applications ip2016", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2015", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2014", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail 
service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "14.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "12.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "primavera contract management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.16.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "10.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.2" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1" }, { "model": "outside in 
technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.48" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.47" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.46" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.45" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.42" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.41" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.40" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql server", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.44" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.43" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.49" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8.1" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.7" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.6" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.5" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "jrockit r28.3.10", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.30" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.24.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.2" }, { "model": "in-memory policy analytics", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "http server 11g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "healthcare analytics data integration", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0.0.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2.8.3" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.1.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.23.0" }, { "model": "fusion 
middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.22.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.10" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.8" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.6" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.5" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.4" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "2290" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.3" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "enterprise manager base 
platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.3" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "documaker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "211.2.0.4" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.0" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9" }, { "model": "communications operations monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.530.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.529.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5.33.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "7.0.5" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "communications eagle application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.1.0.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.5.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.1" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "2.3.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.3.00.08" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "application express", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.43" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.0.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.8" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "db2", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" } ], "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92008" }, { "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "db": "NVD", "id": "CVE-2016-5448" }, { "db": "CNNVD", "id": "CNNVD-201607-812" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5448" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92008" } ], "trust": 0.6 }, "cve": "CVE-2016-5448", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.4, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-5448", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-94267", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-5448", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-5448", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201607-812", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-94267", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-5448", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-94267" }, { "db": "VULMON", "id": "CVE-2016-5448" }, { "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "db": "NVD", "id": "CVE-2016-5448" }, { "db": "CNNVD", "id": "CNNVD-201607-812" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability 
in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation 
Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027SNMP\u0027 protocol. The \u0027SNMP\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service. 
Affect data integrity and availability", "sources": [ { "db": "NVD", "id": "CVE-2016-5448" }, { "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92008" }, { "db": "VULHUB", "id": "VHN-94267" }, { "db": "VULMON", "id": "CVE-2016-5448" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-5448", "trust": 2.9 }, { "db": "BID", "id": "91787", "trust": 1.5 }, { "db": "BID", "id": "92008", "trust": 1.5 }, { "db": "SECTRACK", "id": "1036408", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-003876", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201607-812", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-94267", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-5448", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-94267" }, { "db": "VULMON", "id": "CVE-2016-5448" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92008" }, { "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "db": "NVD", "id": "CVE-2016-5448" }, { "db": "CNNVD", "id": "CNNVD-201607-812" } ] }, "id": "VAR-201607-0655", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-94267" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:47:30.107000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, 
{ "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63172" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-5448" }, { "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "db": "CNNVD", "id": "CNNVD-201607-812" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5448" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/92008" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1036408" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5448" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5448" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": 
"http://support.citrix.com/article/ctx216642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152" } ], "sources": [ { "db": "VULHUB", "id": "VHN-94267" }, { "db": "VULMON", "id": "CVE-2016-5448" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92008" }, { "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "db": "NVD", "id": "CVE-2016-5448" }, { "db": "CNNVD", "id": "CNNVD-201607-812" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-94267" }, { "db": "VULMON", "id": "CVE-2016-5448" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92008" }, { "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "db": "NVD", "id": "CVE-2016-5448" }, { "db": "CNNVD", "id": "CNNVD-201607-812" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-21T00:00:00", "db": "VULHUB", "id": "VHN-94267" }, { "date": "2016-07-21T00:00:00", "db": "VULMON", "id": "CVE-2016-5448" }, { "date": "2016-07-15T00:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "92008" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "date": "2016-07-21T10:15:03.867000", "db": "NVD", "id": "CVE-2016-5448" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-812" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, 
"data": [ { "date": "2017-09-01T00:00:00", "db": "VULHUB", "id": "VHN-94267" }, { "date": "2017-09-01T00:00:00", "db": "VULMON", "id": "CVE-2016-5448" }, { "date": "2018-10-15T09:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "92008" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003876" }, { "date": "2017-09-01T01:29:29.507000", "db": "NVD", "id": "CVE-2016-5448" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-812" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92008" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Sun Systems Products Suite of ILOM In SNMP Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003876" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92008" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0425">var-200904-0425</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality and integrity via unknown vectors. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0425" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-200904-0425"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0425">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, 
"patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0425", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "10.3" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", 
"trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": 
"bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001251" }, { "db": "NVD", "id": "CVE-2009-1004" }, { "db": "CNNVD", "id": 
"CNNVD-200904-322" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1004" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-322" } ], "trust": 0.6 }, "cve": "CVE-2009-1004", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, 
"userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-1004", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1004", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-322", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001251" }, { "db": "NVD", "id": "CVE-2009-1004" }, { "db": "CNNVD", "id": "CNNVD-200904-322" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality and integrity via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. 
Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1004" }, { "db": "JVNDB", "id": "JVNDB-2009-001251" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76710" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1004", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022059", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001251", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-322", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001251" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1004" }, { "db": "CNNVD", "id": "CNNVD-200904-322" } ] }, "id": "VAR-200904-0425", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:20:20.030000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "1004", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001251" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1004" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022059" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.2, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": 
"http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1004" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1004" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, 
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001251" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1004" }, { "db": "CNNVD", "id": "CNNVD-200904-322" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001251" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1004" }, { "db": "CNNVD", "id": "CNNVD-200904-322" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001251" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T10:30:00.890000", "db": "NVD", "id": "CVE-2009-1004" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-322" } ] }, "sources_update_date": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001251" }, { "date": "2012-10-23T03:04:30.490000", "db": "NVD", "id": "CVE-2009-1004" }, { "date": "2009-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-322" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-322" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BEA Product Suite of WebLogic Server Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001251" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-322" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0424">var-200904-0424</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect integrity via unknown vectors related to "access to source code of web pages.". 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0424" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0424"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0424">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, 
"patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0424", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "10.3" }, { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "9.0" }, { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "9.1" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.0" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.0 mp1" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2 mp3" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { 
"model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft 
enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001249" }, { "db": "NVD", "id": "CVE-2009-1003" }, { "db": "CNNVD", "id": "CNNVD-200904-321" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1003" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-321" } ], "trust": 0.6 }, "cve": "CVE-2009-1003", "cvss": { "@context": { "cvssV2": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-1003", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1003", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-321", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001249" }, { "db": "NVD", "id": "CVE-2009-1003" }, { "db": "CNNVD", "id": 
"CNNVD-200904-321" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect integrity via unknown vectors related to \"access to source code of web pages.\". Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1003" }, { "db": "JVNDB", "id": "JVNDB-2009-001249" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76710" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1003", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022059", "trust": 2.4 }, { "db": "OSVDB", "id": "53762", "trust": 2.4 }, { "db": "XF", "id": "50054", "trust": 1.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001249", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-321", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001249" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1003" }, { "db": "CNNVD", "id": "CNNVD-200904-321" } ] }, "id": 
"VAR-200904-0424", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:11:38.898000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "1003", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001249" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1003" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53762" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022059" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.9, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, 
{ "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/50054" }, { "trust": 1.2, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50054" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1003" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1003" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001249" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1003" }, { "db": "CNNVD", "id": "CNNVD-200904-321" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001249" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1003" }, { "db": "CNNVD", "id": "CNNVD-200904-321" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001249" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T10:30:00.877000", "db": "NVD", "id": "CVE-2009-1003" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-321" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001249" }, { "date": "2017-08-17T01:30:08.927000", "db": "NVD", "id": "CVE-2009-1003" }, { "date": "2009-05-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-321" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-321" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BEA Product Suite of WebLogic Server Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001249" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-321" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201404-0288">var-201404-0288</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. An information management system for hospitals that can manage data such as financial management, clinical practice, and pharmacies. OpenClinic GA There are multiple vulnerabilities in. OpenClinic GA The following vulnerabilities exist in. 
* Authentication bypass via an alternate path or channel (CWE-288) - CVE-2020-14485 * Improper restriction of excessive authentication attempts (CWE-307) - CVE-2020-14484 * Improper authentication (CWE-287) - CVE-2020-14494 * Missing authorization (CWE-862) - CVE-2020-14491 * Execution with unnecessary privileges (CWE-250) - CVE-2020-14493 * Unrestricted upload of dangerous file types (CWE-434) - CVE-2020-14488 * Path traversal (CWE-22) - CVE-2020-14490 * Improper authorization (CWE-285) - CVE-2020-14486 * Cross-site scripting (CWE-79) - CVE-2020-14492 * Use of unmaintained third-party products (CWE-1104) - CVE-2020-14495, CVE-2016-1181, CVE-2016-1182 Due to * Insufficiently protected credentials (CWE-522) - CVE-2020-14489 * Hidden functionality (CWE-912) - CVE-2020-14487 * However, this vulnerability does not affect version 5.89.05b. The expected impact depends on each vulnerability, but may include the following. * A remote attacker initiates a session by bypassing client-side access control or by sending a specially crafted request, and performs administrator functions such as SQL query execution - CVE-2020-14485 * A remote attacker bypasses the system's account lockout feature and carries out a brute-force attack - CVE-2020-14484 * The system's protection against brute-force attacks is insufficient, allowing an unauthenticated attacker to access the system with more than the maximum number of attempts - CVE-2020-14494 * Because the system does not check permission to execute SQL queries, a user with lower privileges can access information that requires higher privileges - CVE-2020-14491 * A relatively low-privileged user can write arbitrary files by executing SQL, and as a result execute arbitrary commands on the system 
- CVE-2020-14493 * The system does not properly validate uploaded files, so a low-privileged attacker can upload and execute arbitrary files on the system - CVE-2020-14488 * Executing a file that includes any local file specified by a parameter can expose sensitive information or execute an uploaded malicious file - CVE-2020-14490 * By bypassing the redirect that is performed when authentication fails, an unauthenticated attacker can execute commands without authorization - CVE-2020-14486 * Malicious code is executed in the user's browser because user input is not properly validated - CVE-2020-14492 * Malicious code is executed by a remote attacker due to known vulnerabilities in end-of-support third-party software used by the system (CVE-2014-0114, CVE-2016-1181, CVE-2016-1182) * There is a flaw in the hashing process used when storing passwords, and passwords can be stolen by a dictionary attack - CVE-2020-14489 * A default user account exists in the system in an accessible state, and an attacker can use that account to execute arbitrary commands - CVE-2020-14487. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: Fuse ESB Enterprise 7.1.0 security update Advisory ID: RHSA-2014:0498-01 Product: Fuse Enterprise Middleware Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0498.html Issue date: 2014-05-14 CVE Names: CVE-2014-0114 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Fuse ESB Enterprise 7.1.0 R1 P4 (Patch 4 on Rollup Patch 1), a security update that addresses one security issue, is now available from the Red Hat Customer Portal. </p> <p>The Red Hat Security Response Team has rated this update as having Important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. </p> <ol> <li>Description:</li> </ol> <p>Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)</p> <p>Refer to the readme.txt file included with the patch files for installation instructions. </p> <p>All users of Fuse ESB Enterprise 7.1.0 as provided from the Red Hat Customer Portal are advised to apply this security update. </p> <ol> <li>Solution:</li> </ol> <p>The References section of this erratum contains a download link (you must log in to download the update). </p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters</p> <ol> <li>References:</li> </ol> <p>https://www.redhat.com/security/data/cve/CVE-2014-0114.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise&downloadType=securityPatches&version=7.1.0</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)</p> <p>iD8DBQFTc7htXlSAg2UNWIIRAtEjAJ42Q72A3+z4BA2MCJI8i0qyTvdSrgCeJitA e2zBKDmixb/nax84cDhcYLo= =d5S2 -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755</p> <p>SUPPORT COMMUNICATION - SECURITY BULLETIN</p> <p>Document ID: c05324755 Version: 1</p> <p>HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery</p> <p>NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. </p> <p>Release Date: 2016-11-04 Last Updated: 2016-11-04</p> <p>Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)</p> <p>Source: Hewlett Packard Enterprise, Product Security Response Team</p> <p>VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery. </p> <p>References:</p> <ul> <li>CVE-2014-0114 - Apache Struts, execution of arbitrary code</li> <li>CVE-2016-0763 - Apache Tomcat, denial of service (DoS)</li> <li>CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions </li> <li>CVE-2015-3253 - Apache Groovy, execution of arbitrary code </li> <li>CVE-2015-5652 - Python, elevation of privilege</li> <li>CVE-2013-6429 - Spring Framework, cross-site request forgery</li> <li>CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)</li> <li>PSRT110264</li> </ul> <p>SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
</p> <ul> <li>HP SiteScope Monitors Software Series 11.2xa11.32IP1</li> </ul> <p>BACKGROUND</p> <p>CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector</p> <pre><code>CVE-2013-6429 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2014-0050 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2014-0107 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2014-0114 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-3253 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-5652 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-0763 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: </code></pre> <p>https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499</p> <p>RESOLUTION</p> <p>HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below. </p> <p><strong>Note:</strong> The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: <a href="https://softwaresupport.hpe.com">https://softwaresupport.hpe.com</a>. 
</p> <ul> <li> <p>Apache Commons FileUpload: KM02550251 (CVE-2014-0050): </p> <p>+ <a href="https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02550251">https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02550251</a></p> </li> <li> <p>Apache Struts: KM02553983 (CVE-2014-0114):</p> <p>+ <a href="https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553983">https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553983</a></p> </li> <li> <p>Apache Tomcat: KM02553990 (CVE-2016-0763):</p> <p>+ <a href="https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553990">https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553990</a></p> </li> <li> <p>Apache XML Xalan: KM02553991 (CVE-2014-0107):</p> <p>+ <a href="https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553991">https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553991</a></p> </li> <li> <p>Apache Groovy: KM02553992 (CVE-2015-3253):</p> <p>+ <a href="https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553992">https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553992</a></p> </li> <li> <p>Python: KM02553997 (CVE-2015-5652):</p> <p>* <a href="https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553997">https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553997</a></p> </li> <li> <p>Spring Framework: KM02553998 (CVE-2013-6429):</p> <p>+ <a href="https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02553998">https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets 
arch/document/KM02553998</a></p> </li> </ul> <p>HISTORY Version:1 (rev.1) - 4 November 2016 Initial release</p> <p>Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. </p> <p>Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. </p> <p>Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com</p> <p>Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice</p> <p>Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive</p> <p>Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. </p> <p>3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX</p> <p>Copyright 2016 Hewlett Packard Enterprise</p> <p>Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. 
The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. </p> <p>References: CVE-2014-0114, SSRT101566</p> <p>SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. </p> <p>Mitigation information for the Apache Struts vulnerability (CVE-2014-0114) is available at the following location:</p> <p>http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U2J7xeaSxro</p> <p>Japanese information is available at the following location:</p> <p>http://www.hp.com/jp/icewall_patchaccess</p> <p>Note: The HP IceWall product is only available in Japan. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201404-0288" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201404-0288"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201404-0288">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": 
"https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0288", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.2.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.2.8" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.0" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.2.7" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.5" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.0.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, 
"vendor": "apache", "version": "1.2.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.2.6" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.2.9" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.8" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.10" }, { "model": "commons beanutils", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.9.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.1" }, { "model": "openclinic ga", "scope": "eq", "trust": 0.8, "vendor": "openclinic ga", "version": null }, { "model": "openclinic ga", "scope": "eq", "trust": 0.8, "vendor": "openclinic ga", "version": "version 5.09.02" }, { "model": "openclinic ga", "scope": "eq", "trust": 0.8, "vendor": "openclinic ga", "version": "version 5.89.05b" }, { "model": "struts", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "1.x to 1.3.10" }, { "model": "\u30af\u30e9\u30a6\u30c9 \u30a4\u30f3\u30d5\u30e9 \u30de\u30cd\u30fc\u30b8\u30e1\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2", "scope": null, "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "fujitsu integrated system ha database ready", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "business analytics modeling server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "business process manager analytics" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "mobile manager" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "extreme transaction processing server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": 
"\u5bcc\u58eb\u901a", "version": "navigator explorer server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "application development cycle manager" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "application framework suite" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "application server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "apworks" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "business application server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "job workload server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "service integrator" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "studio" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "interstage application framework suite", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "interstage apworks", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "interstage business application server", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "interstage service integrator", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "interstage studio", "scope": "eq", "trust": 
0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "resource orchestrator" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "server" }, { "model": "systemwalker service catalog manager", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "systemwalker service quality coordinator", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "systemwalker software configuration manager", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": "cloud middle set b set" }, { "model": "hitachi device manager", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u7acb", "version": "software" }, { "model": "hitachi global link manager", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u7acb", "version": "software" }, { "model": "job management partner 1/performance management - web console", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u7acb", "version": "- manager web option" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u7acb", "version": "- web console" }, { "model": "hitachi replication manager", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u7acb", "version": "software" }, { "model": "hitachi tiered storage manager", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u7acb", "version": "software" }, { "model": "hitachi tuning manager", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u7acb", "version": "software" }, { "model": "hp device manager", "scope": "eq", "trust": 
0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9", "version": null }, { "model": "hp xp7", "scope": "eq", "trust": 0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9", "version": "global link manager software" }, { "model": "hp xp p9000", "scope": "eq", "trust": 0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9", "version": "replication manager" }, { "model": "hp xp p9000", "scope": "eq", "trust": 0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9", "version": "tiered storage manager" }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "5.0" }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.5" }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.0" }, { "model": "connections", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "content collector", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.2" }, { "model": "lotus expeditor", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.x" }, { "model": "lotus expeditor", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.2.x" }, { "model": "lotus mashups", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.0.0.2" }, { "model": "lotus mashups", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "lotus quickr", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5 for websphere portal" }, { "model": "rational change", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "5.2" }, { "model": "rational change", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "5.3" }, { "model": "rational change", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "5.3.1" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5" }, { 
"model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.x" }, { "model": "esmpro/servermanager", "scope": "lte", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "ver5.75" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "pc security" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "security risk management v1.0.0 to v1.0.6" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "security risk management v1.0.0 to v2.1.3" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "enterprise edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "enterprise edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "rfid manager enterprise v7.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "rfid manager lite v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "rfid manager standard v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "standard edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "standard edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "standard-j edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": 
"standard-j edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "web edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "web edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "application server v7.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "developer v8.2 to v8.4 (with developer\u0027s studio only )" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "developer v9.1 to v9.2 (with developer\u0027s studio only )" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "portal v8.3 to v8.4" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "portal v9.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "v7.1" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "v8.2 to v8.4 (with developer\u0027s studio only )" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "v9.1 to v9.2 (with developer\u0027s studio only )" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "v8.3 to v8.4" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": "v9.1" }, { "model": "terasoluna server framework for java", "scope": "lte", "trust": 0.8, "vendor": "\u682a\u5f0f\u4f1a\u793e\u30a8\u30cc \u30c6\u30a3 \u30c6\u30a3 \u30c7\u30fc\u30bf", "version": "2.0.0.1 from 2.0.5.1" }, { "model": "oracle communications applications", "scope": "eq", "trust": 0.8, "vendor": 
"\u30aa\u30e9\u30af\u30eb", "version": "of metasolv solution 6.2.1.0.0" }, { "model": "oracle communications applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of metasolv solution asr: 49.0.0" }, { "model": "oracle communications applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of metasolv solution lsr: 10.1.0" }, { "model": "oracle communications applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of metasolv solution lsr: 9.4.0" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle adaptive access manager 11.1.1.5" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle adaptive access manager 11.1.1.7" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle adaptive access manager 11.1.2.1" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle adaptive access manager 11.1.2.2" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle enterprise data quality 8.1.2" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle enterprise data quality 9.0.11" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle jdeveloper 10.1.3.5" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle jdeveloper 11.1.1.7" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle jdeveloper 
11.1.2.4" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle jdeveloper 12.1.2.0" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle jdeveloper 12.1.3.0" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle waveset 8.1.1" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle weblogic portal 10.0.1.0" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle weblogic portal 10.2.1.0" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle weblogic portal 10.3.6.0" }, { "model": "oracle fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of oracle real-time decision server 11.1.1.7 (rtd platform 3.0.x)" }, { "model": "oracle identity manager", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "11.1.1.5" }, { "model": "oracle identity manager", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "11.1.1.7" }, { "model": "oracle identity manager", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "11.1.2.1" }, { "model": "oracle identity manager", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "11.1.2.2" }, { "model": "oracle primavera products suite", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of primavera contract management 13.1" }, { "model": "oracle primavera products suite", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of primavera contract management 14.0" }, { "model": "oracle 
primavera products suite", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of primavera p6 enterprise project portfolio management 7.0" }, { "model": "oracle primavera products suite", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of primavera p6 enterprise project portfolio management 8.0" }, { "model": "oracle primavera products suite", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of primavera p6 enterprise project portfolio management 8.1" }, { "model": "oracle primavera products suite", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of primavera p6 enterprise project portfolio management 8.2" }, { "model": "oracle primavera products suite", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of primavera p6 enterprise project portfolio management 8.3" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of allocation 10.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of allocation 11.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of allocation 12.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of allocation 13.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of allocation 13.1" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of allocation 13.2" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 12.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, 
"vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 12.0.9in" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 13.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 13.1" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 13.2" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 13.3" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 13.4" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 14.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of back office 8.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 12.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 12.0.9in" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 13.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 13.1" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 13.2" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 13.3" }, { "model": "oracle retail 
applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 13.4" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 14.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of central office 8.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of clearance optimization engine 13.3" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of clearance optimization engine 13.4" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of clearance optimization engine 14.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of invoice matching 11.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of invoice matching 12.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of invoice matching 12.0 in" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of invoice matching 12.1" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of invoice matching 13.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of invoice matching 13.1" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of invoice matching 13.2" }, { "model": "oracle retail applications", "scope": 
"eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of invoice matching 14.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of markdown optimization 12.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of markdown optimization 13.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of markdown optimization 13.1" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of markdown optimization 13.2" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of markdown optimization 13.4" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of returns management 13.1" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of returns management 13.2" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of returns management 13.3" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of returns management 13.4" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of returns management 14.0" }, { "model": "oracle retail applications", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "of returns management 2.0" }, { "model": "oracle weblogic server", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "10.0.2.0" }, { "model": "oracle weblogic server", "scope": "eq", "trust": 0.8, "vendor": 
"\u30aa\u30e9\u30af\u30eb", "version": "10.3.6.0" }, { "model": "oracle weblogic server", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "12.1.1.0" }, { "model": "oracle weblogic server", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "12.1.2.0" }, { "model": "oracle weblogic server", "scope": "eq", "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": "12.1.3.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "db": "NVD", "id": "CVE-2014-0114" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.9.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0114" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "127868" }, { "db": "PACKETSTORM", "id": "128873" }, { "db": "PACKETSTORM", "id": "139721" }, { "db": "PACKETSTORM", "id": "126811" } ], "trust": 0.4 }, "cve": "CVE-2014-0114", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, 
"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-0114", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-006468", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2014-0114", "trust": 1.8, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2020-006468", "trust": 0.8, "value": "Critical" }, { "author": "VULMON", "id": "CVE-2014-0114", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0114" }, { "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "db": "NVD", "id": "CVE-2014-0114" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. An information management system for hospitals that can manage data such as financial management, clinical practice, and pharmacies. OpenClinic GA There are multiple vulnerabilities in. OpenClinic GA The following vulnerabilities exist in. * Avoid authentication via another path or channel (CWE-288) - CVE-2020-14485* Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-14484* Improper authentication (CWE-287) - CVE-2020-14494* Lack of certification (CWE-862) - CVE-2020-14491* Execution with unnecessary privileges (CWE-250) - CVE-2020-14493* Unlimited upload of dangerous types of files (CWE-434) - CVE-2020-14488* Path traversal (CWE-22) - CVE-2020-14490* Inappropriate authorization process (CWE-285) - CVE-2020-14486* Cross-site scripting (CWE-79) - CVE-2020-14492* Use of unmaintained third-party products (CWE-1104) - CVE-2020-14495 , CVE-2016-1181 , CVE-2016-1182 Due to * Inadequate protection of credentials (CWE-522) - CVE-2020-14489* Hidden features (CWE-912) - CVE-2020-14487 * However, this vulnerability is Version 5.89.05b Does not affectThe expected impact depends on each vulnerability, but it may be affected as follows. * A remote attacker initiates a session by bypassing client-side access control or sending a specially crafted request. 
The attacker then performs administrator functions such as SQL query execution - CVE-2020-14485* A remote attacker bypasses the system\u0027s account lock feature and carries out a brute force attack - CVE-2020-14484* The system\u0027s insufficient protection against brute force attacks allows an unauthenticated attacker to access the system with more than the maximum number of attempts. - CVE-2020-14494* Since the system does not check the execution permission of SQL queries, a user with lower permission can access information that requires higher permission. - CVE-2020-14491* In this system, it is possible to write any file by executing SQL with relatively low authority, and as a result, any command is executed on the system. - CVE-2020-14493* The system does not properly validate uploaded files, so a low-privileged attacker uploads and executes arbitrary files on the system. - CVE-2020-14488* Executing a file that contains any local file specified by a parameter exposes sensitive information or executes an uploaded malicious file. - CVE-2020-14490* By avoiding the redirect process that is executed when authentication fails, an unauthenticated attacker can execute a command illegally. - CVE-2020-14486* Malicious code is executed on the user\u0027s browser because the user\u0027s input value is not properly validated. - CVE-2020-14492* Malicious code is executed by a remote attacker due to known vulnerabilities in end-of-support third-party software used by the system (CVE-2014-0114, CVE-2016-1181, CVE-2016-1182)* There is a flaw in the hashing process when saving the password, and the password is stolen by a dictionary attack. - CVE-2020-14489* A user account set by default exists in the system in an accessible state, and an attacker can use that account to execute arbitrary commands. - CVE-2020-14487. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Fuse ESB Enterprise 7.1.0 security update\nAdvisory ID: RHSA-2014:0498-01\nProduct: Fuse Enterprise Middleware\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0498.html\nIssue date: 2014-05-14\nCVE Names: CVE-2014-0114 \n=====================================================================\n\n1. Summary:\n\nFuse ESB Enterprise 7.1.0 R1 P4 (Patch 4 on Rollup Patch 1), a security\nupdate that addresses one security issue, is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Description:\n\nFuse ESB Enterprise is an integration platform based on Apache ServiceMix. \nA remote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions. \n\nAll users of Fuse ESB Enterprise 7.1.0 as provided from the Red Hat\nCustomer Portal are advised to apply this security update. \n\n3. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n\n5. 
References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0114.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTc7htXlSAg2UNWIIRAtEjAJ42Q72A3+z4BA2MCJI8i0qyTvdSrgCeJitA\ne2zBKDmixb/nax84cDhcYLo=\n=d5S2\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. 
\n\nReferences:\n\n - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n - CVE-2015-5652 - Python, elevation of privilege\n - CVE-2013-6429 - Spring Framework, cross-site request forgery\n - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP SiteScope Monitors Software Series 11.2xa11.32IP1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2013-6429\n 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0050\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0107\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0114\n 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-3253\n 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-5652\n 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-0763\n 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. 
\nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. \n\n\n * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251\u003e\n\n\n * Apache Struts: KM02553983 (CVE-2014-0114):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983\u003e\n\n\n * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990\u003e\n\n * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991\u003e\n\n * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992\u003e\n\n * Python: KM02553997 (CVE-2015-5652):\n\n *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997\u003e\n\n * Spring Framework: KM02553998 (CVE-2013-6429):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998\u003e\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. 
\n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nReferences: CVE-2014-0114, SSRT101566\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
\n\nMitigation information for the Apache Struts vulnerability (CVE-2014-0114) is\navailable at the following location:\n\nhttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-a\npplications/ba-p/6463188#.U2J7xeaSxro\n\nJapanese information is available at the following location:\n\nhttp://www.hp.com/jp/icewall_patchaccess\n\nNote: The HP IceWall product is only available in Japan. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein", "sources": [ { "db": "NVD", "id": "CVE-2014-0114" }, { "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "db": "VULMON", "id": "CVE-2014-0114" }, { "db": "PACKETSTORM", "id": "126619" }, { "db": "PACKETSTORM", "id": "127868" }, { "db": "PACKETSTORM", "id": "128873" }, { "db": "PACKETSTORM", "id": "139721" }, { "db": "PACKETSTORM", "id": "126811" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41690", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0114" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0114", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSMA-20-184-01", "trust": 1.6 }, { "db": "SECUNIA", "id": "59430", "trust": 1.0 }, { "db": "SECUNIA", "id": "60177", "trust": 1.0 }, { "db": "SECUNIA", "id": "59246", "trust": 1.0 }, { "db": "SECUNIA", "id": "59118", "trust": 1.0 }, { "db": "SECUNIA", "id": "59464", "trust": 1.0 }, { "db": "SECUNIA", "id": 
"59704", "trust": 1.0 }, { "db": "SECUNIA", "id": "58710", "trust": 1.0 }, { "db": "SECUNIA", "id": "59718", "trust": 1.0 }, { "db": "SECUNIA", "id": "59228", "trust": 1.0 }, { "db": "SECUNIA", "id": "57477", "trust": 1.0 }, { "db": "SECUNIA", "id": "58947", "trust": 1.0 }, { "db": "SECUNIA", "id": "60703", "trust": 1.0 }, { "db": "SECUNIA", "id": "58851", "trust": 1.0 }, { "db": "SECUNIA", "id": "59245", "trust": 1.0 }, { "db": "SECUNIA", "id": "59014", "trust": 1.0 }, { "db": "SECUNIA", "id": "59479", "trust": 1.0 }, { "db": "SECUNIA", "id": "59480", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2014/07/08/1", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2014/06/15/10", "trust": 1.0 }, { "db": "BID", "id": "67121", "trust": 1.0 }, { "db": "JVN", "id": "JVNVU96290700", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-006468", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-000056", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-002308", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2014-0114", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126619", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128873", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126811", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0114" }, { "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "db": "PACKETSTORM", "id": "126619" }, { "db": "PACKETSTORM", "id": "127868" }, { "db": "PACKETSTORM", "id": "128873" }, { "db": "PACKETSTORM", "id": "139721" }, { "db": "PACKETSTORM", "id": "126811" }, { "db": "NVD", "id": "CVE-2014-0114" } ] }, "id": "VAR-201404-0288", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": 
null } ], "trust": 0.20729166999999998 }, "last_update_date": "2024-07-23T19:41:23.375000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "OpenClinic\u00a0GA", "trust": 0.8, "url": "https://sourceforge.net/projects/open-clinic/" }, { "title": "Interstage\u00a0Navigator\u00a0Explorer\u00a0Server", "trust": 0.8, "url": "https://issues.apache.org/jira/browse/beanutils-463" }, { "title": "Red Hat: Important: Red Hat A-MQ Broker 7.5 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192995 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=96f4091aa31a0ece729fdcb110066df5" }, { "title": "Red Hat: CVE-2014-0114", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0114" }, { "title": "Red Hat: Important: Fuse 7.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182669 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=68c6989b84f14aaac220c13b754c7702" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "struts1-patch", "trust": 0.1, "url": "https://github.com/ricedu/struts1-patch " }, { "title": "", "trust": 0.1, "url": 
"https://github.com/weblegacy/struts1 " }, { "title": "struts1filter", "trust": 0.1, "url": "https://github.com/rgielen/struts1filter " }, { "title": "StrutsExample", "trust": 0.1, "url": "https://github.com/vikasvns2000/strutsexample " }, { "title": "struts-mini", "trust": 0.1, "url": "https://github.com/bingcai/struts-mini " }, { "title": "strutt-cve-2014-0114", "trust": 0.1, "url": "https://github.com/anob3it/strutt-cve-2014-0114 " }, { "title": "super-pom", "trust": 0.1, "url": "https://github.com/ian4hu/super-pom " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0114" }, { "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "db": "JVNDB", "id": "JVNDB-2014-002308" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Use of unmaintained third-party components (CWE-1104) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Path traversal (CWE-22) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Execution with unnecessary privileges (CWE-250) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Inappropriate authorization (CWE-285) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Improper authentication (CWE-287) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Authentication bypass using alternate path or channel (CWE-288) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Inappropriate restriction of excessive authentication attempts (CWE-307) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Unlimited upload of dangerous types of files (CWE-434) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Inadequate protection of credentials (CWE-522) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Cross-site scripting (CWE-79) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Lack of certification 
(CWE-862) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Private features (CWE-912) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "db": "NVD", "id": "CVE-2014-0114" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "http://advisories.mageia.org/mgasa-2014-0219.html" }, { "trust": 1.0, "url": "http://apache-ignite-developers.2346864.n4.nabble.com/cve-2014-0114-apache-ignite-is-vulnerable-to-existing-cve-2014-0114-td31205.html" }, { "trust": 1.0, "url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/release-notes.txt" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136958.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2" }, { "trust": 1.0, "url": "http://openwall.com/lists/oss-security/2014/06/15/10" }, { "trust": 1.0, "url": "http://openwall.com/lists/oss-security/2014/07/08/1" }, { "trust": 1.0, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.0, "url": "http://secunia.com/advisories/57477" }, { "trust": 1.0, "url": "http://secunia.com/advisories/58710" }, { "trust": 1.0, "url": "http://secunia.com/advisories/58851" }, { "trust": 1.0, "url": "http://secunia.com/advisories/58947" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59014" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59118" }, { "trust": 1.0, "url": 
"http://secunia.com/advisories/59228" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59245" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59246" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59430" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59464" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59479" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59480" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59704" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59718" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60177" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60703" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296" }, { "trust": 1.0, "url": "http://www.debian.org/security/2014/dsa-2940" }, { "trust": 1.0, "url": 
"http://www.ibm.com/support/docview.wss?uid=swg21675496" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:095" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/67121" }, { "trust": 1.0, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html" }, { "trust": 1.0, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 1.0, "url": "https://access.redhat.com/errata/rhsa-2018:2669" }, { "trust": 1.0, "url": "https://access.redhat.com/errata/rhsa-2019:2995" }, { "trust": 1.0, "url": "https://access.redhat.com/solutions/869353" }, { "trust": 1.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938" }, { "trust": 1.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665" }, { "trust": 1.0, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755" }, { "trust": 1.0, "url": "https://issues.apache.org/jira/browse/beanutils-463" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3cdev.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3cuser.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3ccommits.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3ccommits.commons.apache.org%3e" 
}, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3cdevnull.infra.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3cdev.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3csolr-user.lucene.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3cdev.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3cannounce.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3ccommits.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3ccommits.pulsar.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3cissues.commons.apache.org%3e" }, { 
"trust": 1.0, "url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3cgitbox.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3cdev.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3cnotifications.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3cnotifications.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3cissues.commons.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3csolr-user.lucene.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3ccommits.dolphinscheduler.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3csolr-user.lucene.apache.org%3e" }, { "trust": 1.0, "url": "https://security.gentoo.org/glsa/201607-09" }, { "trust": 1.0, "url": 
"https://security.netapp.com/advisory/ntap-20140911-0001/" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20180629-0006/" }, { "trust": 1.0, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.0, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.0, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96290700/index.html" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/recommended-practices" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsma-20-184-01" }, { "trust": 0.8, "url": "https://www.fda.gov/medical-devices/digital-health/cybersecurity" }, { "trust": 0.8, "url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000056.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0114" }, { "trust": 0.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0114.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00321" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00320" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00322" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00324" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00318" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00319" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00316" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00315" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00323" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/sis_00317" }, { "trust": 0.1, "url": "https://softwaresupport.hpe.com\u003e." 
}, { "trust": 0.1, "url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652" }, { "trust": 0.1, "url": "http://www.hp.com/jp/icewall_patchaccess" }, { "trust": 0.1, "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/protect-your-struts1-a" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "db": "PACKETSTORM", "id": "126619" }, { "db": "PACKETSTORM", "id": "127868" }, { "db": "PACKETSTORM", "id": "128873" }, { "db": "PACKETSTORM", "id": "139721" }, { "db": "PACKETSTORM", "id": "126811" }, { "db": "NVD", "id": "CVE-2014-0114" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0114" }, { "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "db": "PACKETSTORM", "id": "126619" }, { "db": "PACKETSTORM", "id": "127868" }, { "db": "PACKETSTORM", "id": "128873" }, { "db": "PACKETSTORM", "id": "139721" }, { "db": "PACKETSTORM", "id": "126811" }, { 
"db": "NVD", "id": "CVE-2014-0114" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-30T00:00:00", "db": "VULMON", "id": "CVE-2014-0114" }, { "date": "2020-07-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "date": "2014-05-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "date": "2014-05-14T19:25:00", "db": "PACKETSTORM", "id": "126619" }, { "date": "2014-08-14T22:49:43", "db": "PACKETSTORM", "id": "127868" }, { "date": "2014-10-28T18:09:30", "db": "PACKETSTORM", "id": "128873" }, { "date": "2016-11-15T00:42:48", "db": "PACKETSTORM", "id": "139721" }, { "date": "2014-05-27T16:17:39", "db": "PACKETSTORM", "id": "126811" }, { "date": "2014-04-30T10:49:03.973000", "db": "NVD", "id": "CVE-2014-0114" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-13T00:00:00", "db": "VULMON", "id": "CVE-2014-0114" }, { "date": "2020-09-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006468" }, { "date": "2020-09-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002308" }, { "date": "2023-02-13T00:32:29.660000", "db": "NVD", "id": "CVE-2014-0114" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "126619" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenClinic\u00a0GA\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006468" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "127868" }, { "db": "PACKETSTORM", "id": "126811" } ], "trust": 0.2 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0427">var-200904-0427</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, and Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. 
Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. 
</p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0427" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0427"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0427">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": 
"https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0427", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jrockit", "scope": "lte", "trust": 1.8, "vendor": "oracle", "version": "r27.6.2" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r27.6.0" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r27.6.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r26.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r27.2" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r26.2" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r26.4" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r27.3.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", 
"version": "r26.3" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r27.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r26.0" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r27.3" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r27.5" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r27.6" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r27.4" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": 
"oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft 
enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, 
{ "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004535" }, { "db": "NVD", "id": "CVE-2009-1006" }, { "db": "CNNVD", "id": "CNNVD-200904-324" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "r27.6.2", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:jrockit:r27.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r26.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r26.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r26.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r26.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r26.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:a:sun:jdk:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } 
], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1006" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-324" } ], "trust": 0.6 }, "cve": "CVE-2009-1006", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2009-1006", "impactScore": null, "integrityImpact": "Complete", 
"obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1006", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-324", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004535" }, { "db": "NVD", "id": "CVE-2009-1006" }, { "db": "CNNVD", "id": "CNNVD-200904-324" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. 
If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. 
\n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1006" }, { "db": "JVNDB", "id": "JVNDB-2009-004535" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76710" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1006", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022059", "trust": 1.6 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2009-004535", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-324", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004535" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1006" }, { "db": "CNNVD", "id": "CNNVD-200904-324" } ] }, "id": "VAR-200904-0427", "iot": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:56:08.197000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - April 2009", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004535" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1006" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1022059" }, { "trust": 1.2, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1006" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1006" }, { "trust": 0.3, "url": 
"http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": 
"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004535" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1006" }, { "db": "CNNVD", "id": "CNNVD-200904-324" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004535" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1006" }, { "db": "CNNVD", "id": "CNNVD-200904-324" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004535" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T10:30:00.920000", "db": "NVD", "id": "CVE-2009-1006" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-324" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004535" }, { "date": "2012-10-23T03:04:31.100000", "db": "NVD", "id": "CVE-2009-1006" }, { "date": "2009-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-324" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-324" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BEA Product Suite of Jrockit Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004535" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-324" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1779">var-202003-1779</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization by org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms) . A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. 
Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)</p> </li> <li> <p>jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)</p> </li> 
<li> <p>keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)</p> </li> <li> <p>keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)</p> </li> <li> <p>keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)</p> </li> <li> <p>keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)</p> </li> <li> <p>keycloak: cross-realm user access auth bypass (CVE-2019-14832)</p> </li> <li> <p>netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</p> </li> <li> <p>SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)</p> </li> <li> <p>xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)</p> </li> </ul> <p>For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update. Solution:</p> <p>Before applying this update, ensure all previously released errata relevant to your system have been applied. 
</p> <p>For details about how to apply this update, see:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. 
JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001</p> <ol> <li> <p>Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> </li> <li> <p>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> </li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat Data Grid 7.3.7 security update Advisory ID: RHSA-2020:3779-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:3779 Issue date: 2020-09-17 CVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695 CVE-2020-1710 CVE-2020-1719 CVE-2020-1745 CVE-2020-1748 CVE-2020-1757 CVE-2020-8840 CVE-2020-9488 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10672 CVE-2020-10673 CVE-2020-10714 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11612 CVE-2020-11619 CVE-2020-11620 ==================================================================== 1. Summary:</p> <p>An update for Red Hat Data Grid is now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. </p> <p>Security Fix(es):</p> <ul> <li> <p>jetty: Incorrect header handling (CVE-2017-7658)</p> </li> <li> <p>EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)</p> </li> <li> <p>undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)</p> </li> <li> <p>undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)</p> </li> <li> <p>jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)</p> </li> <li> <p>jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)</p> </li> <li> <p>jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)</p> </li> <li> <p>jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)</p> </li> <li> <p>jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)</p> </li> <li> <p>jackson-databind: Serialization gadgets in 
org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)</p> </li> <li> <p>jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)</p> </li> <li> <p>jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)</p> </li> <li> <p>resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)</p> </li> <li> <p>Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)</p> </li> <li> <p>Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)</p> </li> <li> <p>wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)</p> </li> <li> <p>netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)</p> </li> <li> <p>log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. </li> <li>Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. </li> <li>Install the Data Grid 7.3.7 server patch. 
Refer to the 7.3 Release Notes for patching instructions. </li> <li> <p>Restart Data Grid to ensure the changes take effect. </p> </li> <li> <p>Bugs fixed (https://bugzilla.redhat.com/):</p> </li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 
1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2017-7658 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/cve/CVE-2020-11612 
https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-11620 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn NVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8 5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A qaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm GisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn aCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G DvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7 MB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9 Pf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j wzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq P2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb PyKX8lLP6w8=n+2X -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 
Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1779" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202003-1779"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1779">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id":
"https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1779", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of 
service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "12.2.1.3.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10672" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": 
[], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10672" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" } ], "trust": 1.3 }, "cve": "CVE-2020-10672", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163174", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-10672", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10672", "trust": 1.0, "value": "HIGH" }, { "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-10672", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202003-1150", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163174", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-10672", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "db": "NVD", "id": "CVE-2020-10672" }, { "db": "NVD", "id": "CVE-2020-10672" } ] }, "description": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML Jackson is a data-processing library for Java developed by the American company FasterXML; jackson-databind is its data-binding component. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization involving org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Gadget issues of this kind generally depend on the application enabling polymorphic type handling for untrusted JSON and having the named class on its classpath; affected deployments should upgrade jackson-databind to 2.9.10.4 or later. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. 
\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current 
threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. 
Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Data Grid 7.3.7 security update\nAdvisory ID: RHSA-2020:3779-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3779\nIssue date: 2020-09-17\nCVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695\n CVE-2020-1710 CVE-2020-1719 CVE-2020-1745\n CVE-2020-1748 CVE-2020-1757 CVE-2020-8840\n CVE-2020-9488 CVE-2020-9546 CVE-2020-9547\n CVE-2020-9548 CVE-2020-10672 CVE-2020-10673\n CVE-2020-10714 CVE-2020-10968 CVE-2020-10969\n CVE-2020-11111 CVE-2020-11112 CVE-2020-11113\n CVE-2020-11612 CVE-2020-11619 CVE-2020-11620\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. 
\n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop\n(CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n(CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped 
back after invoking another\nEJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer\nallocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP\nappender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7658\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1719\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9488\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/cve/CVE-2020-11612\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-11620\nhttps://access.redhat.com/security/updates/classif
ication/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn\nNVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8\n5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A\nqaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm\nGisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn\naCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G\nDvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7\nMB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9\nPf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j\nwzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq\nP2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb\nPyKX8lLP6w8=n+2X\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications", "sources": [ { "db": "NVD", "id": "CVE-2020-10672" }, { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10672", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158916", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158891", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202003-1150", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2837", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1040", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.6 }, { "db": "NSFOCUS", "id": 
"48048", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158884", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "158889", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158881", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163174", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10672", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "db": "NVD", "id": "CVE-2020-10672" } ] }, "id": "VAR-202003-1779", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163174" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:23:59.719000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112628" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203461 - security 
advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203463 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203462 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203464 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.4.2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203501 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203638 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203642 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203637 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203639 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security 
update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10672" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2659" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158636/red-hat-security-advisory-2020-3192-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2837/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48048" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2826/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1040/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-xapooledconnectionfactory-31849" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.4, "url": 
"https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.3, "url": 
"https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:3461" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.2, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, 
{ "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3462" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10758" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10758" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3501" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1728" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3638" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": 
"CVE-2020-10672" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "db": "NVD", "id": "CVE-2020-10672" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163174" }, { "db": "VULMON", "id": "CVE-2020-10672" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "db": "NVD", "id": "CVE-2020-10672" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "VULHUB", "id": "VHN-163174" }, { "date": "2020-03-18T00:00:00", "db": "VULMON", "id": "CVE-2020-10672" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-08-17T17:34:41", "db": "PACKETSTORM", "id": "158884" }, { "date": "2020-08-17T17:43:07", "db": "PACKETSTORM", "id": "158889" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-08-19T16:44:13", "db": "PACKETSTORM", "id": "158916" }, { "date": "2020-09-07T16:39:28", "db": "PACKETSTORM", "id": "159082" }, { "date": "2020-03-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "date": "2020-03-18T22:15:12.313000", "db": "NVD", "id": "CVE-2020-10672" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-07T00:00:00", "db": "VULHUB", "id": "VHN-163174" }, { "date": "2021-12-07T00:00:00", "db": "VULMON", "id": "CVE-2020-10672" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1150" }, { "date": "2024-07-03T01:36:05.477000", "db": "NVD", "id": "CVE-2020-10672" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "158884" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159082" }, { "db": "CNNVD", "id": "CNNVD-202003-1150" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1150" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1150" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201104-0504">var-201104-0504</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Oracle has released advance notification regarding the April 2011 Critical Patch Update (CPU) to be released on April 19, 2011. 
The update addresses 73 vulnerabilities affecting the following software: Oracle Database Oracle Fusion Middleware Oracle Application Server Oracle Identity Management Oracle JRockit Oracle Outside In Technology Oracle WebLogic Server Oracle E-Business Suite Oracle Agile Technology Platform Oracle PeopleSoft Enterprise CRM Oracle PeopleSoft Enterprise ELS Oracle PeopleSoft Enterprise HRMS Oracle PeopleSoft Enterprise Portal Oracle PeopleSoft Enterprise People Tools Oracle JD Edwards OneWorld Tools Oracle JD Edwards EnterpriseOne Tools Oracle Siebel CRM Core Oracle InForm Oracle Sun Product Suite Oracle Open Office StarOffice/StarSuite Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. This BID is being retired. The following individual records exist to better document the issues: 46031 OpenOffice Multiple Remote Code Execution Vulnerabilities 46091 Oracle Java Floating-Point Value Denial of Service Vulnerability 46387 Oracle Java SE and Java for Business CVE-2010-4470 Remote Java Runtime Environment Vulnerability 46388 Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability 46391 Oracle Java SE and Java for Business Java Runtime Environment CVE-2010-4454 Remote Vulnerability 46393 Oracle Java SE and Java for Business CVE-2010-4468 Remote Java Runtime Environment Vulnerability 46394 Oracle Java SE and Java for Business Remote Code Execution Vulnerability 46395 Oracle Java SE and Java for Business CVE-2010-4467 Remote Java Runtime Environment Vulnerability 46397 Oracle Java SE and Java for Business CVE-2010-4450 Remote Java Runtime Environment Vulnerability 46398 Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability 46399 Oracle Java SE and Java for Business CVE-2010-4471 Remote Security Vulnerability 46403 Oracle Java SE and Java for Business CVE-2010-4473 Remote Java Runtime Environment Vulnerability 46404 
Oracle Java SE and Java for Business CVE-2010-4472 Remote Java Runtime Environment Vulnerability 46406 Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability 46767 Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability 47171 Oracle Solaris CVE-2011-0412 Password Hash Local Information Disclosure Weakness 47429 Oracle Database Server CVE-2011-0792 Remote Oracle Warehouse Builder Vulnerability 47430 Oracle Database CVE-2011-0806 Network Foundation Remote Vulnerability 47431 Oracle Database Server CVE-2011-0799 Remote Warehouse Builder Vulnerability 47432 Oracle Database Server CVE-2011-0804 Remote Database Vault Vulnerability 47434 Oracle E-Business Suite CVE-2011-0809 Web ADI Remote Vulnerability 47435 Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability 47436 Oracle Database Server CVE-2011-0793 Remote Database Vault Vulnerability 47437 Oracle Outside In Technology Microsoft CAB File Parsing Remote Code Execution Vulnerability 47438 Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability 47439 Oracle PeopleSoft Enterprise HRMS CVE-2011-0853 Remote PeopleSoft Enterprise HRMS Vulnerability 47440 Oracle E-Business Suite CVE-2011-0797 Applications Install Remote Vulnerability 47441 Oracle Database Server CVE-2011-0805 Remote UIX Vulnerability 47442 Oracle PeopleSoft Enterprise HRMS CVE-2011-0854 Remote PeopleSoft Enterprise HRMS Vulnerability 47443 Oracle Database Server CVE-2011-0785 Remote Oracle Help Vulnerability 47444 Oracle Sun Solaris 11 Express CVE-2011-0841 Remote Vulnerability 47445 Oracle PeopleSoft Enterprise HRMS CVE-2011-0858 Remote Talent Acquisition Manager Vulnerability 47446 Oracle E-Business Suite CVE-2011-0791 Remote Application Object Library Vulnerability 47448 Oracle PeopleSoft Enterprise HRMS CVE-2011-0857 Remote PeopleSoft Enterprise HRMS Vulnerability 47449 Oracle E-Business Suite CVE-2011-0796 Applications 
Install Local Vulnerability 47450 Oracle Sun Solaris CVE-2011-0800 Local Vulnerability 47451 Oracle Enterprise Manager Grid Control CVE-2011-0787 Remote Security Vulnerability 47452 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0825 Remote Vulnerability 47453 Oracle PeopleSoft Enterprise HRMS CVE-2011-0859 Remote Global Payroll North America Vulnerability 47454 Oracle Supply Chain Product CVE-2011-0837 Remote Agile Technology Platform Vulnerability 47455 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0824 Remote Vulnerability 47456 Oracle Peoplesoft Enterprise CVE-2011-0826 Remote Vulnerability 47459 Oracle PeopleSoft Enterprise HRMS CVE-2011-0860 Remote Global Payroll Spain Vulnerability 47460 Oracle PeopleSoft Enterprise CRM CVE-2011-0850 Remote Vulnerability 47461 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0803 Remote Vulnerability 47462 Oracle PeopleSoft CVE-2011-0828 Remote PeopleSoft Enterprise Vulnerability 47463 Oracle Portal CVE-2011-0798 Remote Security Vulnerability 47464 Oracle JD Edwards OneWorld Tools CVE-2011-0818 Remote Vulnerability 47465 Oracle PeopleSoft Enterprise CVE-2011-0827 Remote Vulnerability 47466 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0819 Remote Vulnerability 47467 Oracle PeopleSoft Enterprise ELS CVE-2011-0851 Remote Vulnerability 47468 Oracle JD Edwards OneWorld Tools CVE-2011-0823 Remote Vulnerability 47469 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0810 Remote Vulnerability 47470 Oracle PeopleSoft CVE-2011-0861 Remote PeopleSoft Enterprise HRMS Vulnerability 47471 Oracle PeopleSoft CVE-2011-0840 Remote PeopleSoft Enterprise PeopleTools Vulnerability 47472 Oracle Peoplesoft Enterprise CVE-2011-0856 Remote Vulnerability 47473 Oracle InForm CVE-2011-0855 Remote Vulnerability 47475 Oracle Application Server CVE-2011-0795 Remote Security Vulnerability 47476 Oracle Sun Solaris CVE-2011-0829 Local Vulnerability 47477 Oracle Solaris CVE-2011-0812 Local Solaris Vulnerability 47478 Oracle Solaris CVE-2011-0839 Local Solaris 
Vulnerability 47479 Oracle Oracle JD Edwards EnterpriseOne and OneWorld Tools CVE-2011-0836 Remote Vulnerability 47480 Oracle Solaris CVE-2011-0820 Remote Kernel Vulnerability 47481 Oracle OpenSSO & Java System Access Manager CVE-2011-0847 Remote Vulnerability 47483 Oracle Java Dynamic Management Kit CVE-2011-0849 Remote Vulnerability 47484 Oracle Siebel CVE-2011-0833 Remote Siebel CRM Core Vulnerability 47486 Oracle Siebel CVE-2011-0834 Remote Siebel CRM Core Vulnerability 47487 Oracle Java System Access Manager Policy Agent CVE-2011-0846 Remote Web Proxy Agent Vulnerability 47488 Oracle Siebel CVE-2011-0843 Remote Siebel CRM Core Vulnerability 47489 Oracle Application Server CVE-2011-0789 Remote Security Vulnerability 47490 Oracle OpenSSO & Java System Access Manager CVE-2011-0844 Remote Vulnerability 47491 Oracle Solaris CVE-2011-0801 Local Vulnerability 47492 Oracle Solaris CVE-2011-0813 Local Kernel Vulnerability 47493 Oracle Sun Solaris CVE-2011-0821 Local Vulnerability 47494 Oracle Solaris CVE-2011-0790 Local Vulnerability</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201104-0504" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201104-0504"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201104-0504">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": 
"https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201104-0504", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "java system application server platform edition q1 ur1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.12005" }, { "model": "java system application server 2004q2 r1standard", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "1.1.2-38.2.0.el3", "scope": null, "trust": 0.3, "vendor": "openoffice", "version": null }, { "model": "java system application server platform edition update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.01" }, { "model": "java system access manager 2005q4 linux", "scope": "eq", "trust": 0.3, "vendor": "sun", 
"version": "7.0" }, { "model": "opensolaris build snv 131", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "weblogic server mp2", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0" }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "jd edwards oneworld tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "24.1" }, { "model": "opensolaris build snv 54", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 93", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system web server sp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.2" }, { "model": "java system application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.2" }, { "model": "weblogic server ga", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.4.0" }, { "model": "java system web server plugin", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.00" }, { "model": "java system web server sp3", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "opensolaris build snv 121", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "java system 
access manager 2005q1 solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6x86" }, { "model": "java system web server sp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.0.2.0" }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3.1" }, { "model": "java system web server sp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.0" }, { "model": "argus safety", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "solaris 8 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.8.2" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.2" }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q4 solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0x" }, { "model": "opensolaris build snv 124", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice pp14", 
"scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris build snv 123", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 49", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.0.5" }, { "model": "java system web server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.2" }, { "model": "opensolaris build snv 114", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "transportation manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5" }, { "model": "opensolaris build snv 128", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.3.0" }, { "model": "siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "opensolaris build snv 107", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 45", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system messaging server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "starsuite pp13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "java system application server platform edition q1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.12005" }, { "model": "weblogic server sp6", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.0.1.0" }, { "model": "starsuite pp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "e-commerce solutions iplanet web server sp9", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "java system web server update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.03" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.4" }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.2" }, { "model": "opensolaris build snv 108", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 28", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.0" }, { "model": "e-commerce solutions iplanet web server", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.0" }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.03" }, { "model": "java system web server update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.01" }, { "model": "starsuite pp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "java system application server standard 2004q2 r5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0.0" }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", 
"version": null }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "java system application server 2004q2 r2 standard", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "java system messaging server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3" }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system application server platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.0" }, { "model": "opensolaris build snv 137", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system web server update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.06" }, { "model": "java system web server update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.02" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.3" }, { "model": "java system access manager", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3.5.0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.4.1" }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "document capture", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "java system application server enterprise edition 2005q1rhel2.1/rhel3", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.1" }, { "model": "starsuite", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris build snv 74", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": 
"peoplesoft enterprise customer relationship manage", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "java system application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.2" }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 120", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.0" }, { "model": "java system messaging server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2" }, { "model": "opensolaris svn 126", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "opensolaris build snv 51", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "java system access manager 2005q1 solaris spa", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "java system application server platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.2" }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "document capture", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 111b", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "argus safety", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "java system web server update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.08" }, { "model": "java system application server ur5 platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "java system web server sp11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "staroffice pp13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "peoplesoft enterprise customer relationship manage", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "e-commerce solutions iplanet web server", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "6.0" }, { "model": "e-commerce solutions iplanet web server", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.03" }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3x86" }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice pp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3.6.1" }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "86" }, { "model": "opensolaris build snv 41", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "e-commerce solutions iplanet web server sp10", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "2.0.1.1" }, { "model": "opensolaris build snv 126", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.0" }, { "model": "beta", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0" }, { "model": "java system web server update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.04" }, { "model": "java system application server standard 2004q2 r4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0.0" }, { "model": "opensolaris build snv 35", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "opensolaris build snv 134a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "convergence", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.0" }, { "model": "java system access manager 2005q1 2005q1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "opensolaris build snv 130", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system web server sp5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "e-commerce solutions iplanet web server sp4", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "87" }, { "model": "java system application server 9.0 0.1", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system application server 2004q2 r2 enterprise", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": 
"7.0" }, { "model": "java system web server sp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.1.1" }, { "model": "opensolaris build snv 105", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "java system access manager 2005q4 windows", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.52" }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "glassfish enterprise server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.1" }, { "model": "java system access manager policy agent", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.2" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.5" }, { "model": "opensolaris build snv 111", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.9.79" }, { "model": "opensolaris build snv 118", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.9.29" }, { "model": "java system web server sp8", "scope": "eq", "trust": 0.3, "vendor": 
"sun", "version": "6.1" }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.014" }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensso enterprise", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.0" }, { "model": "java system web server sp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "weblogic server mp3", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "opensolaris build snv 112", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.0.2.0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.4.3" }, { "model": "peoplesoft enterprise els", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "java system web server sp4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "argus safety", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "identity management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3" }, { "model": "solaris 8 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "87" }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { 
"model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.1" }, { "model": "java system application server ur7 standard edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "jrockit r27.6.0-50 1.5.0 15", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "inform portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.5" }, { "model": "java system web server sp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "opensolaris build snv 132", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system web server sp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "java system web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q1 windows", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "opensolaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.1.2" }, { "model": "java system application server 2004q2 r3 enterprise", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "e-commerce solutions iplanet web server sp11", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.3" }, { "model": "opensolaris build snv 48", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jrockit r28.1.1", "scope": 
null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.0.6" }, { "model": "java system application server ur4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "opensolaris build snv 94", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system application server 2004q2 r3 standard", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "starsuite", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "java system access manager solaris sparc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.9.125" }, { "model": "argus safety", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "java system web server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "java system application server 2004q2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.0.1" }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensso enterprise", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "opensolaris build snv 136", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "-9sarge3", 
"scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.3" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.3" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3.2.0" }, { "model": "java system access manager 2005q1 linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3" }, { "model": "peoplesoft enterprise portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.4" }, { "model": "opensolaris snv 111b", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.51" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.5" }, { "model": "starsuite pp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "opensolaris build snv 01", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "811" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.0.2" }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 106", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system communications express 2005q1", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 125", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 133", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jd edwards enterpriseone", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.98" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3.0" }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q1 linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "java system application server enterprise 2004q2 r5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0.0" }, { "model": "java system application server platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.1" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.5" }, { "model": "staroffice pp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "3.1.1" }, { "model": "opensolaris build snv 101a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system messaging server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "java system web server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "agile core", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.0.2" }, { "model": "java system access manager 2005q1 sparc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3" }, { "model": "opensolaris build snv 111a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "3.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.3" }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": 
null }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.2.0" }, { "model": "java system application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "starsuite", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9" }, { "model": "e-commerce solutions iplanet web server sp8", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "staroffice pp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "java system access manager windows", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "opensolaris build snv 113", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "goldengate veridata", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0.4" }, { "model": "transportation manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.1" }, { "model": "agile core", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.1" }, { "model": "java system application server ur7 platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "e-commerce solutions iplanet web server sp7", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.0.3" }, { "model": "opensolaris build snv 119", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "opensolaris build snv 110", "scope": null, "trust": 0.3, "vendor": "sun", "version": null 
}, { "model": "starsuite pp14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris build snv 71", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.012" }, { "model": "opensolaris build snv 151a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.5" }, { "model": "java system application server standard platform q1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.12005" }, { "model": "java system application server ur5 standard edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "e-commerce solutions iplanet web server sp6", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.3.1" }, { "model": "identity management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.0.1" }, { "model": "glassfish enterprise server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.1.1" }, { "model": "convergence", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "transportation manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "inform portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3.6" }, { "model": "staroffice pp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", 
"version": "2.4.2" }, { "model": "java system application server ur6 standard edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.51" }, { "model": "oracle11g standard edition r2", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.0.1" }, { "model": "java system messaging server 2005q1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "java system web server sp8", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "java system application server 2004q2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 122", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java dynamic management kit", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "java system application server enterprise 2004q2 r4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0.0" }, { "model": "starsuite pp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "opensolaris build snv 109", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.4" }, { "model": "java system communications express 2004q2", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "812" }, { 
"model": "java system web server sp3", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "java system web server sp4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "opensolaris build snv 102", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 02", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system application server ur6 platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.1" }, { "model": "java system application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.1" }, { "model": "java system access manager hp-ux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "e-commerce solutions iplanet web server sp3", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "opensolaris build snv 135", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4.1" }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.014" }, { "model": "opensolaris build snv 134", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.2" }, { "model": "e-commerce solutions iplanet web server sp12", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "opensolaris build 
snv 104", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 56", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 38", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.2.1" }, { "model": "siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "opensolaris build snv 129", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2004q2 linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2" }, { "model": "java system access manager 2004q2 solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2x" }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.013" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "3.2" }, { "model": "glassfish enterprise server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3.0.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "peoplesoft enterprise els", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.1" }, { "model": "java system application server platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.1" }, { "model": "java system access manager 2004q2 solaris s", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2" }, { "model": "peoplesoft enterprise portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "e-commerce solutions iplanet web server sp2", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "6.0" }, { "model": "java system messaging server", "scope": 
"eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "e-commerce solutions iplanet web server sp2", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "peoplesoft enterprise customer relationship manage", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.3" }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.4" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.0.2" }, { "model": "opensolaris build snv 98", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.0.1.0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.50" }, { "model": "java system application server 2004q2 r1enterprise", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 117", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system application server enterprise edition q1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.12005" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "opensolaris build snv 58", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": 
"eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.1" }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "86" }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.013" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.0" }, { "model": "java system communications express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3" }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 103", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q4 solaris s", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "inform portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.6" }, { "model": "java system access manager 2005q4 hp-ux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "peoplesoft enterprise portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.2" }, { "model": "java system web server sp11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3.2" }, { "model": "java system access manager solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1x86" }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": 
"java system web server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "peoplesoft enterprise portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "java system application server platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.0.4" }, { "model": "opensolaris build snv 47", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.2.1" }, { "model": "java system communications express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris build snv 37", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 101", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.0.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.3-1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.4" }, { "model": "enterprise manager real user experience insight", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "opensolaris build snv 115", "scope": null, "trust": 0.3, "vendor": 
"sun", "version": null }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.5" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "transportation manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "starsuite", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8" }, { "model": "java system web server sp5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "e-commerce solutions iplanet web server sp1", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "6.0" }, { "model": "e-commerce solutions iplanet web server sp1", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "java system application server platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.0" }, { "model": "e-commerce solutions iplanet web server sp5", "scope": "eq", "trust": 0.3, "vendor": "iplanet", "version": "4.1" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.1.3" }, { "model": "1.1.5-10.6.0.5.el4", "scope": null, "trust": 0.3, "vendor": "openoffice", "version": null }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.011" }, { "model": "java system web server sp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "opensolaris build snv 116", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 127", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system communications express 2005q4", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { 
"model": "java system web server update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.07" }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null } ], "sources": [ { "db": "BID", "id": "47376" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "47376" } ], "trust": 0.3 }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle has released advance notification regarding the April 2011 Critical Patch Update (CPU) to be released on April 19, 2011. The update addresses 73 vulnerabilities affecting the following software:\nOracle Database\nOracle Fusion Middleware\nOracle Application Server\nOracle Identity Management\nOracle JRockit\nOracle Outside In Technology\nOracle WebLogic Server\nOracle E-Business Suite\nOracle Agile Technology Platform\nOracle PeopleSoft Enterprise CRM\nOracle PeopleSoft Enterprise ELS\nOracle PeopleSoft Enterprise HRMS\nOracle PeopleSoft Enterprise Portal\nOracle PeopleSoft Enterprise People Tools\nOracle JD Edwards OneWorld Tools\nOracle JD Edwards EnterpriseOne Tools\nOracle Siebel CRM Core\nOracle InForm\nOracle Sun Product Suite\nOracle Open Office\nStarOffice/StarSuite\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.\nThis BID is being retired. 
The following individual records exist to better document the issues:\n46031 OpenOffice Multiple Remote Code Execution Vulnerabilities\n46091 Oracle Java Floating-Point Value Denial of Service Vulnerability\n46387 Oracle Java SE and Java for Business CVE-2010-4470 Remote Java Runtime Environment Vulnerability\n46388 Oracle Java \u0027Applet2ClassLoader\u0027 Class Unsigned Applet Remote Code Execution Vulnerability\n46391 Oracle Java SE and Java for Business Java Runtime Environment CVE-2010-4454 Remote Vulnerability\n46393 Oracle Java SE and Java for Business CVE-2010-4468 Remote Java Runtime Environment Vulnerability\n46394 Oracle Java SE and Java for Business Remote Code Execution Vulnerability\n46395 Oracle Java SE and Java for Business CVE-2010-4467 Remote Java Runtime Environment Vulnerability\n46397 Oracle Java SE and Java for Business CVE-2010-4450 Remote Java Runtime Environment Vulnerability\n46398 Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability\n46399 Oracle Java SE and Java for Business CVE-2010-4471 Remote Security Vulnerability\n46403 Oracle Java SE and Java for Business CVE-2010-4473 Remote Java Runtime Environment Vulnerability\n46404 Oracle Java SE and Java for Business CVE-2010-4472 Remote Java Runtime Environment Vulnerability\n46406 Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability\n46767 Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability\n47171 Oracle Solaris CVE-2011-0412 Password Hash Local Information Disclosure Weakness\n47429 Oracle Database Server CVE-2011-0792 Remote Oracle Warehouse Builder Vulnerability\n47430 Oracle Database CVE-2011-0806 Network Foundation Remote Vulnerability\n47431 Oracle Database Server CVE-2011-0799 Remote Warehouse Builder Vulnerability\n47432 Oracle Database Server CVE-2011-0804 Remote Database Vault Vulnerability\n47434 Oracle E-Business Suite CVE-2011-0809 Web ADI Remote Vulnerability\n47435 
Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability\n47436 Oracle Database Server CVE-2011-0793 Remote Database Vault Vulnerability\n47437 Oracle Outside In Technology Microsoft CAB File Parsing Remote Code Execution Vulnerability\n47438 Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability\n47439 Oracle PeopleSoft Enterprise HRMS CVE-2011-0853 Remote PeopleSoft Enterprise HRMS Vulnerability\n47440 Oracle E-Business Suite CVE-2011-0797 Applications Install Remote Vulnerability\n47441 Oracle Database Server CVE-2011-0805 Remote UIX Vulnerability\n47442 Oracle PeopleSoft Enterprise HRMS CVE-2011-0854 Remote PeopleSoft Enterprise HRMS Vulnerability\n47443 Oracle Database Server CVE-2011-0785 Remote Oracle Help Vulnerability\n47444 Oracle Sun Solaris 11 Express CVE-2011-0841 Remote Vulnerability\n47445 Oracle PeopleSoft Enterprise HRMS CVE-2011-0858 Remote Talent Acquisition Manager Vulnerability\n47446 Oracle E-Business Suite CVE-2011-0791 Remote Application Object Library Vulnerability\n47448 Oracle PeopleSoft Enterprise HRMS CVE-2011-0857 Remote PeopleSoft Enterprise HRMS Vulnerability\n47449 Oracle E-Business Suite CVE-2011-0796 Applications Install Local Vulnerability\n47450 Oracle Sun Solaris CVE-2011-0800 Local Vulnerability\n47451 Oracle Enterprise Manager Grid Control CVE-2011-0787 Remote Security Vulnerability\n47452 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0825 Remote Vulnerability\n47453 Oracle PeopleSoft Enterprise HRMS CVE-2011-0859 Remote Global Payroll North America Vulnerability\n47454 Oracle Supply Chain Product CVE-2011-0837 Remote Agile Technology Platform Vulnerability\n47455 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0824 Remote Vulnerabilty\n47456 Oracle Peoplesoft Enterprise CVE-2011-0826 Remote Vulnerability\n47459 Oracle PeopleSoft Enterprise HRMS CVE-2011-0860 Remote Global Payroll Spain Vulnerability\n47460 Oracle PeopleSoft Enterprise CRM CVE-2011-0850 
Remote Vulnerability\n47461 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0803 Remote Vulnerability\n47462 Oracle PeopleSoft CVE-2011-0828 Remote PeopleSoft Enterprise Vulnerability\n47463 Oracle Portal CVE-2011-0798 Remote Security Vulnerability\n47464 Oracle JD Edwards OneWorld Tools CVE-2011-0818 Remote Vulnerability\n47465 Oracle PeopleSoft Enterprise CVE-2011-0827 Remote Vulnerability\n47466 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0819 Remote Vulnerability\n47467 Oracle PeopleSoft Enterprise ELS CVE-2011-0851 Remote Vulnerability\n47468 Oracle JD Edwards OneWorld Tools CVE-2011-0823 Remote Vulnerability\n47469 Oracle JD Edwards EnterpriseOne Tools CVE-2011-0810 Remote Vulnerability\n47470 Oracle PeopleSoft CVE-2011-0861 Remote PeopleSoft Enterprise HRMS Vulnerability\n47471 Oracle PeopleSoft CVE-2011-0840 Remote PeopleSoft Enterprise PeopleTools Vulnerability\n47472 Oracle Peoplesoft Enterprise CVE-2011-0856 Remote Vulnerability\n47473 Oracle InForm CVE-2011-0855 Remote Vulnerability\n47475 Oracle Application Server CVE-2011-0795 Remote Security Vulnerability\n47476 Oracle Sun Solaris CVE-2011-0829 Local Vulnerability\n47477 Oracle Solaris CVE-2011-0812 Local Solaris Vulnerability\n47478 Oracle Solaris CVE-2011-0839 Local Solaris Vulnerability\n47479 Oracle Oracle JD Edwards EnterpriseOne and OneWorld Tools CVE-2011-0836 Remote Vulnerability\n47480 Oracle Solaris CVE-2011-0820 Remote Kernel Vulnerability\n47481 Oracle OpenSSO \u0026amp; Java System Access Manager CVE-2011-0847 Remote Vulnerability\n47483 Oracle Java Dynamic Management Kit CVE-2011-0849 Remote Vulnerability\n47484 Oracle Siebel CVE-2011-0833 Remote Siebel CRM Core Vulnerability\n47486 Oracle Siebel CVE-2011-0834 Remote Siebel CRM Core Vulnerability\n47487 Oracle Java System Access Manager Policy Agent CVE-2011-0846 Remote Web Proxy Agent Vulnerability\n47488 Oracle Siebel CVE-2011-0843 Remote Siebel CRM Core Vulnerability\n47489 Oracle Application Server CVE-2011-0789 Remote Security 
Vulnerability\n47490 Oracle OpenSSO \u0026amp; Java System Access Manager CVE-2011-0844 Remote Vulnerability\n47491 Oracle Solaris CVE-2011-0801 Local Vulnerability\n47492 Oracle Solaris CVE-2011-0813 Local Kernel Vulnerability\n47493 Oracle Sun Solaris CVE-2011-0821 Local Vulnerability\n47494 Oracle Solaris CVE-2011-0790 Local Vulnerability", "sources": [ { "db": "BID", "id": "47376" } ], "trust": 0.3 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "47376", "trust": 0.3 } ], "sources": [ { "db": "BID", "id": "47376" } ] }, "id": "VAR-201104-0504", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.14024471466666666 }, "last_update_date": "2022-05-17T02:10:47.667000Z", "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "trust": 0.3, "url": "http://www.oracle.com" } ], "sources": [ { "db": "BID", "id": "47376" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "47376" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-04-14T00:00:00", "db": "BID", "id": "47376" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-04-20T19:04:00", "db": "BID", "id": "47376" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "47376" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RETIRED: Oracle April 2011 Critical Patch Update Multiple Vulnerabilities", "sources": [ { "db": "BID", "id": "47376" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "47376" } ], "trust": 0.3 } }

var-201607-0665
Vulnerability from variot

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. 
The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle 
Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'LUMAIN' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. 
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation

{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0665", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.1" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.0" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "webcenter sites", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.8" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3.5" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.2.12" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.1.16" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.5.4" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.4.41" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "1.10.0.6.27" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.5" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.7" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.6" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "6.3" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "sun network qdr infiniband gateway switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2" }, { "model": "sun data center infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "362.2.2" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"11.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "siebel applications ip2016", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2015", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2014", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail 
service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "14.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "12.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "primavera contract management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.16.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "10.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.2" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1" }, { "model": "outside in 
technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.48" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.47" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.46" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.45" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.42" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.41" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.40" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql server", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.44" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.43" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.49" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8.1" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.7" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.6" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.5" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "jrockit r28.3.10", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.30" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.24.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.2" }, { "model": "in-memory policy analytics", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "http server 11g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "healthcare analytics data integration", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0.0.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2.8.3" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.1.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.23.0" }, { "model": "fusion 
middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.22.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.10" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.8" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.6" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.5" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.4" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "2290" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.3" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "enterprise manager base 
platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.3" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "documaker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "211.2.0.4" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.0" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9" }, { "model": "communications operations monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.530.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.529.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5.33.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "7.0.5" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "communications eagle application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.1.0.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.5.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.1" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "2.3.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.3.00.08" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "application express", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.43" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.0.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.8" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "db2", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" } ], "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91995" }, { "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "db": "NVD", "id": "CVE-2016-5457" }, { "db": "CNNVD", "id": "CNNVD-201607-821" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5457" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91995" } ], "trust": 0.6 }, "cve": "CVE-2016-5457", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2016-5457", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-94276", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-5457", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-5457", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201607-821", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-94276", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-5457", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-94276" }, { "db": "VULMON", "id": "CVE-2016-5457" }, { "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "db": "NVD", "id": "CVE-2016-5457" }, { "db": "CNNVD", "id": "CNNVD-201607-821" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data 
Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027Multiple\u0027 protocol. The \u0027LUMAIN\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. 
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation", "sources": [ { "db": "NVD", "id": "CVE-2016-5457" }, { "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91995" }, { "db": "VULHUB", "id": "VHN-94276" }, { "db": "VULMON", "id": "CVE-2016-5457" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-5457", "trust": 2.9 }, { "db": "BID", "id": "91787", "trust": 1.5 }, { "db": "BID", "id": "91995", "trust": 1.5 }, { "db": "SECTRACK", "id": "1036408", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-003987", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201607-821", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-94276", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-5457", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-94276" }, { "db": "VULMON", "id": "CVE-2016-5457" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91995" }, { "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "db": "NVD", "id": "CVE-2016-5457" }, { "db": "CNNVD", "id": "CNNVD-201607-821" } ] }, "id": "VAR-201607-0665", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-94276" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:24:00.307000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63181" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-5457" }, { "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "db": "CNNVD", "id": "CNNVD-201607-821" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5457" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/91995" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1036408" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5457" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5457" }, { 
"trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx216642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152" } ], "sources": [ { "db": "VULHUB", "id": "VHN-94276" }, { "db": "VULMON", "id": "CVE-2016-5457" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91995" }, { "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "db": "NVD", "id": "CVE-2016-5457" }, { "db": "CNNVD", "id": "CNNVD-201607-821" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-94276" }, { "db": "VULMON", "id": "CVE-2016-5457" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91995" }, { "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "db": "NVD", "id": "CVE-2016-5457" }, { "db": "CNNVD", "id": "CNNVD-201607-821" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-21T00:00:00", "db": "VULHUB", "id": "VHN-94276" }, { "date": "2016-07-21T00:00:00", "db": "VULMON", "id": "CVE-2016-5457" }, { "date": "2016-07-15T00:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91995" }, { "date": "2016-07-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "date": "2016-07-21T10:15:13.677000", "db": "NVD", "id": "CVE-2016-5457" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-821" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-01T00:00:00", "db": "VULHUB", "id": "VHN-94276" }, { "date": "2017-09-01T00:00:00", "db": "VULMON", "id": "CVE-2016-5457" }, { "date": "2018-10-15T09:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91995" }, { "date": "2016-07-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003987" }, { "date": "2017-09-01T01:29:29.977000", "db": "NVD", "id": "CVE-2016-5457" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-821" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91995" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Sun Systems Products Suite of ILOM In LUMAIN Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003987" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91995" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201102-0002">var-201102-0002</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1012. 
Reason: This candidate is a reservation duplicate of CVE-2009-1012. Notes: All CVE users should reference CVE-2009-1012 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. ====================================================================== </p> <pre><code> Secunia Research 15/04/2009 - Oracle BEA WebLogic Server Plug-ins Integer Overflow - </code></pre> <p>====================================================================== Table of Contents</p> <p>Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10</p> <p>====================================================================== 1) Affected Software </p> <ul> <li>Oracle BEA WebLogic Server Plug-ins version 1.0.1166189. </li> </ul> <p>NOTE: Other versions may also be affected. 
</p> <p>====================================================================== 2) Severity </p> <p>Rating: Highly critical Impact: System access Where: From Remote</p> <p>====================================================================== 3) Vendor's Description of Software </p> <p>"... the world's best application server for building and deploying enterprise applications and services ...". </p> <p>Product Link: http://www.oracle.com/technology/products/weblogic/index.html</p> <p>====================================================================== 4) Description of Vulnerability</p> <p>Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. </p> <p>The Oracle BEA WebLogic Server can be configured to receive requests via an Apache, Sun, or IIS web server. In this case, a plug-in is installed in the Internet-facing web server that passes the request to a WebLogic server. An integer overflow when parsing HTTP requests can be exploited to cause a heap-based buffer overflow. </p> <p>Successful exploitation may allow execution of arbitrary code. </p> <p>====================================================================== 5) Solution </p> <p>Apply patches released by the vendor. </p> <p>====================================================================== 6) Time Table </p> <p>01/03/2009 - Vendor notified. 06/03/2009 - Vendor response requesting more information. 06/03/2009 - Sent PoC to vendor. 10/03/2009 - Vendor confirms vulnerability. 12/03/2009 - Vendor requests more information. 15/03/2009 - Supplemental information sent to vendor. 17/03/2009 - Vendor confirms and provides preliminary patch. 15/04/2009 - Public disclosure. </p> <p>====================================================================== 7) Credits </p> <p>Discovered by Dyon Balding, Secunia Research. 
</p> <p>====================================================================== 8) References</p> <p>The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-0189 for the vulnerability. </p> <p>====================================================================== 9) About Secunia</p> <p>Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:</p> <p>http://secunia.com/advisories/business_solutions/</p> <p>Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. </p> <p>http://secunia.com/advisories/</p> <p>Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:</p> <p>http://secunia.com/secunia_research/</p> <p>Secunia regularly hires new skilled team members. 
Check the URL below to see currently vacant positions:</p> <p>http://secunia.com/corporate/jobs/</p> <p>Secunia offers a FREE mailing list called Secunia Security Advisories:</p> <p>http://secunia.com/advisories/mailing_lists/</p> <p>====================================================================== 10) Verification </p> <p>Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2009-22/</p> <p>Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/</p> <p>======================================================================</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201102-0002" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201102-0002"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201102-0002">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" },
"patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0002", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": 
"systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dyon Balding of 
Secunia Research, Joshua J. Drake of iDefense, Gerhard Eschelbeck of Qualys, Inc., Esteban Martinez Fayo of Application Security, Inc., Franz Huell of Red Database Security, Mike Janowski of Neohapsis, Inc., Joxean Koret, Joxean Koret of Ti", "sources": [ { "db": "BID", "id": "34461" } ], "trust": 0.3 }, "cve": "CVE-2009-0189", "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1012. Reason: This candidate is a reservation duplicate of CVE-2009-1012. Notes: All CVE users should reference CVE-2009-1012 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
====================================================================== \n\n Secunia Research 15/04/2009\n\n - Oracle BEA WebLogic Server Plug-ins Integer Overflow -\n\n====================================================================== \nTable of Contents\n\nAffected Software....................................................1\nSeverity.............................................................2\nVendor\u0027s Description of Software.....................................3\nDescription of Vulnerability.........................................4\nSolution.............................................................5\nTime Table...........................................................6\nCredits..............................................................7\nReferences...........................................................8\nAbout Secunia........................................................9\nVerification........................................................10\n\n====================================================================== \n1) Affected Software \n\n* Oracle BEA WebLogic Server Plug-ins version 1.0.1166189. \n\nNOTE: Other versions may also be affected. \n\n====================================================================== \n2) Severity \n\nRating: Highly critical\nImpact: System access\nWhere: From Remote\n\n====================================================================== \n3) Vendor\u0027s Description of Software \n\n\"... the world\u0027s best application server for building and deploying\nenterprise applications and services ...\". \n\nProduct Link:\nhttp://www.oracle.com/technology/products/weblogic/index.html\n\n====================================================================== \n4) Description of Vulnerability\n\nSecunia Research has discovered a vulnerability in the Oracle BEA\nWebLogic Server plug-ins for web servers, which can be exploited by\nmalicious people to compromise a vulnerable system. 
\n\nThe Oracle BEA WebLogic Server can be configured to receive requests\nvia an Apache, Sun, or IIS web server. In this case, a plug-in is\ninstalled in the Internet-facing web server that passes the request to\na WebLogic server. An integer overflow when parsing HTTP requests can \nbe exploited to cause a heap-based buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n====================================================================== \n5) Solution \n\nApply patches released by the vendor. \n\n====================================================================== \n6) Time Table \n\n01/03/2009 - Vendor notified. \n06/03/2009 - Vendor response requesting more information. \n06/03/2009 - Sent PoC to vendor. \n10/03/2009 - Vendor confirms vulnerability. \n12/03/2009 - Vendor requests more information. \n15/03/2009 - Supplemental information sent to vendor. \n17/03/2009 - Vendor confirms and provides preliminary patch. \n15/04/2009 - Public disclosure. \n\n====================================================================== \n7) Credits \n\nDiscovered by Dyon Balding, Secunia Research. \n\n====================================================================== \n8) References\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nCVE-2009-0189 for the vulnerability. \n\n====================================================================== \n9) About Secunia\n\nSecunia offers vulnerability management solutions to corporate\ncustomers with verified and reliable vulnerability intelligence\nrelevant to their specific system configuration:\n\nhttp://secunia.com/advisories/business_solutions/\n\nSecunia also provides a publicly accessible and comprehensive advisory\ndatabase as a service to the security community and private \nindividuals, who are interested in or concerned about IT-security. 
\n\nhttp://secunia.com/advisories/\n\nSecunia believes that it is important to support the community and to\ndo active vulnerability research in order to aid improving the \nsecurity and reliability of software in general:\n\nhttp://secunia.com/secunia_research/\n\nSecunia regularly hires new skilled team members. Check the URL below\nto see currently vacant positions:\n\nhttp://secunia.com/corporate/jobs/\n\nSecunia offers a FREE mailing list called Secunia Security Advisories:\n\nhttp://secunia.com/advisories/mailing_lists/\n\n====================================================================== \n10) Verification \n\nPlease verify this advisory by visiting the Secunia website:\nhttp://secunia.com/secunia_research/2009-22/\n\nComplete list of vulnerability reports published by Secunia Research:\nhttp://secunia.com/secunia_research/\n\n======================================================================\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0189" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76691" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0189", "trust": 1.4 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.3 }, { "db": "BID", "id": "34461", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "76691", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76691" }, { "db": "NVD", "id": "CVE-2009-0189" } ] }, "id": "VAR-201102-0002", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:41:14.583000Z", 
"references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.6, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": 
"http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/products/weblogic/index.html" }, { "trust": 0.1, "url": "http://secunia.com/secunia_research/" }, { "trust": 0.1, "url": "http://secunia.com/corporate/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/mailing_lists/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0189" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76691" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76691" }, { "db": "NVD", "id": "CVE-2009-0189" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-04-15T21:07:43", "db": "PACKETSTORM", "id": "76691" }, { "date": "2011-02-01T19:00:03.890000", "db": "NVD", "id": "CVE-2009-0189" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2023-11-07T02:03:34.930000", "db": "NVD", "id": "CVE-2009-0189" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"network", "sources": [ { "db": "BID", "id": "34461" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle April 2009 Critical Patch Update Multiple Vulnerabilities", "sources": [ { "db": "BID", "id": "34461" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "34461" } ], "trust": 0.3 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0262">var-200904-0262</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to LTADM. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. 
</p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>[Note: the SA34693 pointer, the GdFileConv.exe SOLUTION line and the "Fixed in Good Messaging Server" line above appear to have been merged into this entry from a separate advisory by the source feed. They do not describe the remediation for the Oracle Database Workspace Manager issue this entry covers; for that, see "III. Solution" below.]</p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0262" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0262"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0262">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0262", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { 
"model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { 
"model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { 
"model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001227" }, { "db": "NVD", "id": "CVE-2009-0976" }, { "db": "CNNVD", "id": "CNNVD-200904-295" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": 
"@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0976" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-295" } ], "trust": 0.6 }, "cve": "CVE-2009-0976", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", 
"version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0976", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0976", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-295", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001227" }, { "db": "NVD", "id": "CVE-2009-0976" }, { "db": "CNNVD", "id": "CNNVD-200904-295" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to LTADM. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0976" }, { "db": "JVNDB", "id": "JVNDB-2009-001227" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0976", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "OSVDB", "id": "53733", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001227", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-295", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001227" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0976" }, { "db": "CNNVD", "id": "CNNVD-200904-295" } ] }, "id": "VAR-200904-0262", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:12:29.759000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001227" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0976" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53733" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": 
"http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0976" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0976" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { 
"trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001227" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0976" }, { "db": "CNNVD", "id": "CNNVD-200904-295" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001227" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0976" }, { "db": "CNNVD", "id": "CNNVD-200904-295" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001227" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.377000", "db": "NVD", "id": "CVE-2009-0976" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-295" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001227" }, { "date": "2012-10-23T03:04:23.337000", "db": "NVD", "id": "CVE-2009-0976" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-295" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-295" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Workspace Manager In the component LTADM Vulnerabilities related to", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001227" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-295" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201607-0605">var-201607-0605</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. 
The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle 
Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Web' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. 
A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201607-0605" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201607-0605"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201607-0605">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0605", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.1" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.0" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "webcenter sites", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.8" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3.5" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.2.12" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.1.16" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.5.4" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.4.41" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "1.10.0.6.27" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.5" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.7" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.6" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "6.3" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "sun network qdr infiniband gateway switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2" }, { "model": "sun data center infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "362.2.2" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"11.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "siebel applications ip2016", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2015", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2014", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail 
service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "14.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "12.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "primavera contract management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.16.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "10.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.2" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1" }, { "model": "outside in 
technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.48" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.47" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.46" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.45" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.42" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.41" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.40" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql server", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.44" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.43" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.49" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8.1" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.7" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.6" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.5" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "jrockit r28.3.10", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.30" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.24.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.2" }, { "model": "in-memory policy analytics", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "http server 11g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "healthcare analytics data integration", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0.0.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2.8.3" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.1.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.23.0" }, { "model": "fusion 
middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.22.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.10" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.8" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.6" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.5" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.4" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "2290" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.3" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "enterprise manager base 
platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.3" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "documaker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "211.2.0.4" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.0" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9" }, { "model": "communications operations monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.530.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.529.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5.33.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "7.0.5" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "communications eagle application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.1.0.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.5.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.1" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "2.3.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.3.00.08" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "application express", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.43" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.0.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.8" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "db2", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" } ], "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91977" }, { "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "db": "NVD", "id": "CVE-2016-3481" }, { "db": "CNNVD", "id": "CNNVD-201607-678" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-3481" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91977" } ], "trust": 0.6 }, "cve": "CVE-2016-3481", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-3481", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", 
"author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-92300", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.1, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.7, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-3481", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-3481", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201607-678", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-92300", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-3481", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-92300" }, { "db": "VULMON", "id": "CVE-2016-3481" }, { "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "db": "NVD", "id": "CVE-2016-3481" }, { "db": "CNNVD", "id": "CNNVD-201607-678" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the ILOM 
component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle 
Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Web\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. 
A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability", "sources": [ { "db": "NVD", "id": "CVE-2016-3481" }, { "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91977" }, { "db": "VULHUB", "id": "VHN-92300" }, { "db": "VULMON", "id": "CVE-2016-3481" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-3481", "trust": 2.9 }, { "db": "BID", "id": "91787", "trust": 1.5 }, { "db": "BID", "id": "91977", "trust": 1.5 }, { "db": "SECTRACK", "id": "1036408", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-003869", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201607-678", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-92300", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-3481", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-92300" }, { "db": "VULMON", "id": "CVE-2016-3481" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91977" }, { "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "db": "NVD", "id": "CVE-2016-3481" }, { "db": "CNNVD", "id": "CNNVD-201607-678" } ] }, "id": "VAR-201607-0605", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-92300" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:39:19.574000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "Oracle Sun Systems Products Suite ILOM Fixes for component denial of service vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63038" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-3481" }, { "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "db": "CNNVD", "id": "CNNVD-201607-678" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-3481" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/91977" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1036408" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3481" }, { "trust": 0.8, "url": 
"http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3481" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx216642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152" } ], "sources": [ { "db": "VULHUB", "id": "VHN-92300" }, { "db": "VULMON", "id": "CVE-2016-3481" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91977" }, { "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "db": "NVD", "id": "CVE-2016-3481" }, { "db": "CNNVD", "id": "CNNVD-201607-678" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-92300" }, { "db": "VULMON", "id": "CVE-2016-3481" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91977" }, { "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "db": "NVD", "id": "CVE-2016-3481" }, { "db": "CNNVD", "id": "CNNVD-201607-678" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-21T00:00:00", "db": "VULHUB", "id": "VHN-92300" }, { "date": "2016-07-21T00:00:00", "db": "VULMON", "id": "CVE-2016-3481" }, { "date": "2016-07-15T00:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91977" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "date": "2016-07-21T10:12:35.087000", "db": "NVD", "id": "CVE-2016-3481" }, { "date": "2016-07-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-678" } ] }, 
"sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-01T00:00:00", "db": "VULHUB", "id": "VHN-92300" }, { "date": "2017-09-01T00:00:00", "db": "VULMON", "id": "CVE-2016-3481" }, { "date": "2018-10-15T09:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91977" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003869" }, { "date": "2017-09-01T01:29:10.477000", "db": "NVD", "id": "CVE-2016-3481" }, { "date": "2016-07-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-678" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91977" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Sun Systems Products Suite of ILOM In Web Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003869" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91977" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201806-0859">var-201806-0859</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and 
earlier have a flaw in the low-level interface to the RSA key pair generator: RSA key pairs generated through the low-level API with added certainty may undergo fewer Miller-Rabin (M-R) primality tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC and BC-FJA contain a cryptographic vulnerability. Information may be obtained. Bouncy Castle is prone to a security weakness. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). </p> <p>The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: rhvm-appliance security update Advisory ID: RHSA-2018:2643-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2018:2643 Issue date: 2018-08-15 Updated on: 2018-09-04 CVE Names: CVE-2018-1067 CVE-2018-1114 CVE-2018-8039 CVE-2018-10237 CVE-2018-10862 CVE-2018-10915 CVE-2018-1000180 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 
</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch</p> <ol> <li>Description:</li> </ol> <p>The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. </p> <p>The following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1590658, BZ#1591095, BZ#1591096, BZ#1592655, BZ#1594636, BZ#1597534, BZ#1612683)</p> <p>Red Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915 and Ammarit Thongthua (Deloitte Thailand Pentest team) and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915. </p> <p>Security fixes:</p> <ul> <li> <p>vulnerability: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)</p> </li> <li> <p>vulnerability: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)</p> </li> <li> <p>vulnerability: postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)</p> </li> <li> <p>vulnerability: undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067, CVE-2016-4993)</p> </li> <li> <p>vulnerability: undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)</p> </li> <li> <p>vulnerability: guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)</p> </li> <li> <p>vulnerability: bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)</p> 
</li> </ul> <p>For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/2974891</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1550671 - CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) 1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service 1573391 - CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service 1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator 1593527 - CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) 1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* 1609891 - CVE-2018-10915 postgresql: Certain host connection parameters defeat client-side security defenses 1616249 - [Tracker] rhevm-appliance build for 4.2.6</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:</p> <p>Source: rhvm-appliance-4.2-20180828.0.el7.src.rpm</p> <p>noarch: rhvm-appliance-4.2-20180828.0.el7.noarch.rpm</p> <p>Red Hat Virtualization 4 Hypervisor for RHEL 7:</p> <p>Source: rhvm-appliance-4.2-20180828.0.el7.src.rpm</p> <p>noarch: rhvm-appliance-4.2-20180828.0.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2018-1067 https://access.redhat.com/security/cve/CVE-2018-1114 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-10237 https://access.redhat.com/security/cve/CVE-2018-10862 https://access.redhat.com/security/cve/CVE-2018-10915 https://access.redhat.com/security/cve/CVE-2018-1000180 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBW46NB9zjgjWX9erEAQio7g/9G8C/6hJR+vGBA0J+d4fLqffWMPAlUQIo S5exHdBllncWKMutR/6oADOC0w/arYrQE7MLjxlZAvYZUS2A6NgmjsVh38BgFpBt ijYkgIOXef9dfsk2e04+r1tDr8iSsk7PSw4RYUFZwm8f7jhT4+72RepQfnnXMhLF tBUqTdzkXyZYNjfssqyz1d+2ZMjx7MigUvL9qFoRT5KCdeNwpVnvpqOAx6t0CVHy TY86IqBsYJ59W4+S+GNdob3SYEt9i2kyN3ggurhOjjk+0aNR+520WRV/aMCBpd6e kyHPvZtT2sQElgUuHmf0Pv9tJ7MOf0ybQtdTX0XIiQxxo1e1SGpUAd+2LXbuthY9 fgAZzel6SZ4hkOzQMVWnwl43FRQTKzXLKV9N5qXma7ilkJPjyUUe5uFBB7eSNI7x L9949I807LHRCSBzuwK6SM7MZHgSjPo0bEfyU2jmJXBNP9wbjGjq1jBugIF3kFVR WAMUbmGEZUP6GLej+xuYeesjglTbA38/EmyW1btkbIlc22PO7byQwNIPPDwyzctT +nVvwMr5E5k4ael3epg46Ddf96ZJ6D8jjFKhveWoNdW5ZkDaiSjiMbJrGCModdX4 /KxDAb22DwAG6cy3wuCJuPHG95LRhKWVc77WdySHBiWkOplgDsELaTGTNNu69Ch9 WehWD0T5PlI= =Ki4n -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . </p> <p>For the stable distribution (stretch), this problem has been fixed in version 1.56-1+deb9u2. </p> <p>We recommend that you upgrade your bouncycastle packages. 
</p> <p>For the detailed security status of bouncycastle please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bouncycastle</p> <p>Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/</p> <p>Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----</p> <p>iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlstVJsACgkQEMKTtsN8 TjbYZw/+Ig5wYiaMaeNbnzRu8Je7e4jGvglWlqLeTX7xG2hpzaFHCeOFxTX9oJmt r/8y/wZMhf+pV3h1KlP9nxOLEhchcL4hSAM4necgVP6odykbH0Em2yAE5i7ae9ez oD9Ib7dUUFbRk2a19J4bVdXXUjb3YQCN1SsS5KVYfWDgzxa+dC34vhm3yfNqoPej 0sFczW7kuUUK61a9LwNmuTp8hVyvtNc5FjhK5mEB3Fi2EiYYn8UT/LNp5QElKB4i h7P6c1Q9jw8VSqvRqlt4n2+HAreKmOS8a61hFYFV/HFoer6rOxa03YDcC0rlva7O a0WcOzet/IzRCOJilj2TIgXBZzFb3peyzd4arTa/VCt794qHOTIElBnmvAvVeXBW yu83IQrDYrKnwm85K0R3YUXaBzaGTeVPwnYPJnYRydlF/zxvg7l9xx7Cy7PJN2Xh Y+visDrPob09QFNc4PYlzQ+V6vrFrygAPO7CJ7hY7KrF8nuhbt9Ygd75IBIMTqhZ QsQlAUZ8UU7q9vVPZCZFb89ks5WyRm8O7Kdn5wzEx1Egas1/jfUzfMOUYTEl0nfM iOk0Q0pFpbwQ+9vWZBMWYTVHXUi8jabBbJcM4g9xVzlDk2mqTVaimnFXfl28Y3aK D8ul9kVTrOOX/jutkY46hdLOhmGo52oHDW5qiJtQL49QzC+Qm3o= =p+RC -----END PGP SIGNATURE----- . JIRA issues fixed (https://issues.jboss.org/):</p> <p>RHSSO-1429 - CVE-2018-10912 [7.2.z] Replace command might fail and cause endless loop when cache owners >= 2</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. 
JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-14788 - Tracker bug for the EAP 7.1.4 release for RHEL-7</p> <p>7</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201806-0859" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-201806-0859"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201806-0859">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0859", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "9.0" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "soa suite", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "soa suite", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "7.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "7.0" }, { "model": "retail convenience and fuel pos software", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "2.8.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "8.57" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "8.56" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "8.55" }, { "model": "managed file transfer", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "managed file transfer", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "enterprise repository", "scope": 
"eq", "trust": 1.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "communications application session controller", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "3.7.1" }, { "model": "business transaction management", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.1.0" }, { "model": "business process management suite", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "business process management suite", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "business process management suite", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "api gateway", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "virtualization", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.1.0" }, { "model": "legion-of-the-bouncy-castle-java-crytography-api", "scope": "lte", "trust": 1.0, "vendor": "bouncycastle", "version": "1.59" }, { "model": "communications application session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.8.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications webrtc session controller", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.2" }, { "model": "fips java api", "scope": "lte", "trust": 1.0, "vendor": "bouncycastle", "version": "1.0.1" }, { "model": "legion-of-the-bouncy-castle-java-crytography-api", "scope": "gte", "trust": 1.0, "vendor": "bouncycastle", "version": "1.54" }, { "model": "communications converged application server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.0.0.1" 
}, { "model": "java cryptography api", "scope": null, "trust": 0.8, "vendor": "bouncy castle", "version": null }, { "model": "fips java api", "scope": null, "trust": 0.8, "vendor": "bouncy castle", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "virtualization", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "satellite", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openshift application runtimes", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0" }, { "model": "jboss fuse", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "data integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.1" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications convergence", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.2" }, { "model": "communications converged application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications application session controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.8" }, { "model": "fips java api", "scope": "eq", "trust": 0.3, "vendor": "bouncycastle", "version": "1.0.1" }, { 
"model": "fips java api", "scope": "eq", "trust": 0.3, "vendor": "bouncycastle", "version": "1.0" }, { "model": "bouncy castle", "scope": "eq", "trust": 0.3, "vendor": "bouncycastle", "version": "1.59" }, { "model": "bouncy castle", "scope": "eq", "trust": 0.3, "vendor": "bouncycastle", "version": "1.54" }, { "model": "communications webrtc session controller", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications converged application server", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "7.0.0.1" }, { "model": "fips java api", "scope": "ne", "trust": 0.3, "vendor": "bouncycastle", "version": "1.0.2" }, { "model": "bouncy castle beta4", "scope": "ne", "trust": 0.3, "vendor": "bouncycastle", "version": "1.60" } ], "sources": [ { "db": "BID", "id": "106567" }, { "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "db": "CNNVD", "id": "CNNVD-201806-332" }, { "db": "NVD", "id": "CVE-2018-1000180" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.59", "versionStartIncluding": "1.54", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.0.1", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-1000180" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat,Bernd Eckenfels", "sources": [ { "db": "CNNVD", "id": 
"CNNVD-201806-332" } ], "trust": 0.6 }, "cve": "CVE-2018-1000180", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-1000180", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, 
"id": "VHN-119384", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-1000180", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-1000180", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201806-332", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-119384", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-1000180", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-119384" }, { "db": "VULMON", "id": "CVE-2018-1000180" }, { "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "db": "CNNVD", "id": "CNNVD-201806-332" }, { "db": "NVD", "id": "CVE-2018-1000180" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically 
RSA Key Pairs generated in low-level API with added certainty may have fewer Miller-Rabin (M-R) primality tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC and BC-FJA contain a cryptographic vulnerability. Information may be obtained. Bouncy Castle is prone to a security weakness. \nSuccessfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rhvm-appliance security update\nAdvisory ID: RHSA-2018:2643-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2643\nIssue date: 2018-08-15\nUpdated on: 2018-09-04\nCVE Names: CVE-2018-1067 CVE-2018-1114 CVE-2018-8039 \n CVE-2018-10237 CVE-2018-10862 CVE-2018-10915 \n CVE-2018-1000180 \n=====================================================================\n\n1. Summary:\n\nAn update for rhvm-appliance is now available for Red Hat Virtualization 4\nfor Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Virtualization 4 Hypervisor for RHEL 7 - noarch\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch\n\n3. 
Description:\n\nThe RHV-M Virtual Appliance automates the process of installing and\nconfiguring the Red Hat Virtualization Manager. The appliance is available\nto download as an OVA file from the Customer Portal. \n\nThe following packages have been upgraded to a later upstream version:\nrhvm-appliance (4.2). (BZ#1590658, BZ#1591095, BZ#1591096, BZ#1592655,\nBZ#1594636, BZ#1597534, BZ#1612683)\n\nRed Hat would like to thank the PostgreSQL project for reporting\nCVE-2018-10915 and Ammarit Thongthua (Deloitte Thailand Pentest team) and\nNattakit Intarasorn (Deloitte Thailand Pentest team) for reporting\nCVE-2018-1067. Upstream acknowledges Andrew Krasichkov as the original\nreporter of CVE-2018-10915. \n\nSecurity fixes:\n\n* vulnerability: wildfly-core: Path traversal can allow the extraction of\n.war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)\n\n* vulnerability: apache-cxf: TLS hostname verification does not work\ncorrectly with com.sun.net.ssl.* (CVE-2018-8039)\n\n* vulnerability: postgresql: Certain host connection parameters defeat\nclient-side security defenses (CVE-2018-10915)\n\n* vulnerability: undertow: HTTP header injection using CRLF with UTF-8\nEncoding (incomplete fix of ) (CVE-2018-1067, CVE-2016-4993)\n\n* vulnerability: undertow: File descriptor leak caused by\nJarURLConnection.getLastModified() allows attacker to cause a denial of\nservice (CVE-2018-1114)\n\n* vulnerability: guava: Unbounded memory allocation in AtomicDoubleArray\nand CompoundOrdering classes allow remote attackers to cause a denial of\nservice (CVE-2018-10237)\n\n* vulnerability: bouncycastle: flaw in the low-level interface to RSA key\npair generator (CVE-2018-1000180)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\n4. 
Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1550671 - CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)\n1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service\n1573391 - CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service\n1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator\n1593527 - CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)\n1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*\n1609891 - CVE-2018-10915 postgresql: Certain host connection parameters defeat client-side security defenses\n1616249 - [Tracker] rhevm-appliance build for 4.2.6\n\n6. Package List:\n\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts:\n\nSource:\nrhvm-appliance-4.2-20180828.0.el7.src.rpm\n\nnoarch:\nrhvm-appliance-4.2-20180828.0.el7.noarch.rpm\n\nRed Hat Virtualization 4 Hypervisor for RHEL 7:\n\nSource:\nrhvm-appliance-4.2-20180828.0.el7.src.rpm\n\nnoarch:\nrhvm-appliance-4.2-20180828.0.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-1067\nhttps://access.redhat.com/security/cve/CVE-2018-1114\nhttps://access.redhat.com/security/cve/CVE-2018-8039\nhttps://access.redhat.com/security/cve/CVE-2018-10237\nhttps://access.redhat.com/security/cve/CVE-2018-10862\nhttps://access.redhat.com/security/cve/CVE-2018-10915\nhttps://access.redhat.com/security/cve/CVE-2018-1000180\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW46NB9zjgjWX9erEAQio7g/9G8C/6hJR+vGBA0J+d4fLqffWMPAlUQIo\nS5exHdBllncWKMutR/6oADOC0w/arYrQE7MLjxlZAvYZUS2A6NgmjsVh38BgFpBt\nijYkgIOXef9dfsk2e04+r1tDr8iSsk7PSw4RYUFZwm8f7jhT4+72RepQfnnXMhLF\ntBUqTdzkXyZYNjfssqyz1d+2ZMjx7MigUvL9qFoRT5KCdeNwpVnvpqOAx6t0CVHy\nTY86IqBsYJ59W4+S+GNdob3SYEt9i2kyN3ggurhOjjk+0aNR+520WRV/aMCBpd6e\nkyHPvZtT2sQElgUuHmf0Pv9tJ7MOf0ybQtdTX0XIiQxxo1e1SGpUAd+2LXbuthY9\nfgAZzel6SZ4hkOzQMVWnwl43FRQTKzXLKV9N5qXma7ilkJPjyUUe5uFBB7eSNI7x\nL9949I807LHRCSBzuwK6SM7MZHgSjPo0bEfyU2jmJXBNP9wbjGjq1jBugIF3kFVR\nWAMUbmGEZUP6GLej+xuYeesjglTbA38/EmyW1btkbIlc22PO7byQwNIPPDwyzctT\n+nVvwMr5E5k4ael3epg46Ddf96ZJ6D8jjFKhveWoNdW5ZkDaiSjiMbJrGCModdX4\n/KxDAb22DwAG6cy3wuCJuPHG95LRhKWVc77WdySHBiWkOplgDsELaTGTNNu69Ch9\nWehWD0T5PlI=\n=Ki4n\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.56-1+deb9u2. \n\nWe recommend that you upgrade your bouncycastle packages. 
\n\nFor the detailed security status of bouncycastle please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/bouncycastle\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlstVJsACgkQEMKTtsN8\nTjbYZw/+Ig5wYiaMaeNbnzRu8Je7e4jGvglWlqLeTX7xG2hpzaFHCeOFxTX9oJmt\nr/8y/wZMhf+pV3h1KlP9nxOLEhchcL4hSAM4necgVP6odykbH0Em2yAE5i7ae9ez\noD9Ib7dUUFbRk2a19J4bVdXXUjb3YQCN1SsS5KVYfWDgzxa+dC34vhm3yfNqoPej\n0sFczW7kuUUK61a9LwNmuTp8hVyvtNc5FjhK5mEB3Fi2EiYYn8UT/LNp5QElKB4i\nh7P6c1Q9jw8VSqvRqlt4n2+HAreKmOS8a61hFYFV/HFoer6rOxa03YDcC0rlva7O\na0WcOzet/IzRCOJilj2TIgXBZzFb3peyzd4arTa/VCt794qHOTIElBnmvAvVeXBW\nyu83IQrDYrKnwm85K0R3YUXaBzaGTeVPwnYPJnYRydlF/zxvg7l9xx7Cy7PJN2Xh\nY+visDrPob09QFNc4PYlzQ+V6vrFrygAPO7CJ7hY7KrF8nuhbt9Ygd75IBIMTqhZ\nQsQlAUZ8UU7q9vVPZCZFb89ks5WyRm8O7Kdn5wzEx1Egas1/jfUzfMOUYTEl0nfM\niOk0Q0pFpbwQ+9vWZBMWYTVHXUi8jabBbJcM4g9xVzlDk2mqTVaimnFXfl28Y3aK\nD8ul9kVTrOOX/jutkY46hdLOhmGo52oHDW5qiJtQL49QzC+Qm3o=\n=p+RC\n-----END PGP SIGNATURE-----\n. JIRA issues fixed (https://issues.jboss.org/):\n\nRHSSO-1429 - CVE-2018-10912 [7.2.z] Replace command might fail and cause endless loop when cache owners \u003e= 2\n\n6. Description:\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3,\nand includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-14788 - Tracker bug for the EAP 7.1.4 release for RHEL-7\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2018-1000180" }, { "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "db": "BID", "id": "106567" }, { "db": "VULHUB", "id": "VHN-119384" }, { "db": "VULMON", "id": "CVE-2018-1000180" }, { "db": "PACKETSTORM", "id": "148942" }, { "db": "PACKETSTORM", "id": "149229" }, { "db": "PACKETSTORM", "id": "148288" }, { "db": "PACKETSTORM", "id": "148943" }, { "db": "PACKETSTORM", "id": "148944" }, { "db": "PACKETSTORM", "id": "148945" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-119384", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-119384" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1000180", "trust": 3.5 }, { "db": "BID", "id": "106567", "trust": 2.1 }, { "db": "JVNDB", "id": "JVNDB-2018-006359", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "152620", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201806-332", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1406", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2340", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2561", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10939", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042531", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "149229", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "148288", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-119384", "trust": 0.1 }, { "db": "VULMON", 
"id": "CVE-2018-1000180", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148942", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148943", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148944", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148945", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-119384" }, { "db": "VULMON", "id": "CVE-2018-1000180" }, { "db": "BID", "id": "106567" }, { "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "db": "PACKETSTORM", "id": "148942" }, { "db": "PACKETSTORM", "id": "149229" }, { "db": "PACKETSTORM", "id": "148288" }, { "db": "PACKETSTORM", "id": "148943" }, { "db": "PACKETSTORM", "id": "148944" }, { "db": "PACKETSTORM", "id": "148945" }, { "db": "CNNVD", "id": "CNNVD-201806-332" }, { "db": "NVD", "id": "CVE-2018-1000180" } ] }, "id": "VAR-201806-0859", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-119384" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:17:17.373000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4233", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4233" }, { "title": "BJA-694 cleaned up primality test", "trust": 0.8, "url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839" }, { "title": "BJA-694 minor tweak to avoid method signature change", "trust": 0.8, "url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad" }, { "title": "Bouncy Castle BC Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80686" }, { "title": "Debian Security Advisories: DSA-4233-1 bouncycastle -- security update", "trust": 
0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4a57543e4dda2487f4c1ae8952d2b437" }, { "title": "Debian CVElist Bug Report Logs: bouncycastle: CVE-2018-1000180", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b99c874ecc8e69545f2285d1e06207f1" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182424 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182423 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182425 - security advisory" }, { "title": "Red Hat: Important: Red Hat Single Sign-On 7.2.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182428 - security advisory" }, { "title": "Red Hat: Important: rhvm-appliance security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182643 - security advisory" }, { "title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security \u0026 bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190877 - security advisory" }, { "title": "Red Hat: Important: Fuse 7.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182669 - security advisory" }, { "title": "IBM: Security Bulletin: IBM Sterling File 
Gateway is vulnerable to multiple issues due to Bouncy Castle", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3de0cda7adc2cd8a893e5cb9d7cdbe60" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "CyberSource Simple Order API for Java", "trust": 0.1, "url": "https://github.com/cybersource/cybersource-sdk-java " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/cgcl-codes/phunter " }, { "title": "PHunter", "trust": 0.1, "url": "https://github.com/anonymous-phunter/phunter " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1000180" }, { "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "db": "CNNVD", "id": "CNNVD-201806-332" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-327", "trust": 1.1 }, { "problemtype": "CWE-310", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-119384" }, { "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "db": "NVD", "id": "CVE-2018-1000180" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.securityfocus.com/bid/106567" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:0877" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 2.1, 
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2423" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2424" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2425" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2428" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2643" }, { "trust": 1.8, "url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad" }, { "trust": 1.8, "url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" }, { "trust": 1.8, "url": "https://www.debian.org/security/2018/dsa-4233" }, { "trust": 1.8, "url": "https://github.com/bcgit/bc-java/wiki/cve-2018-1000180" }, { "trust": 1.8, "url": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2669" }, { "trust": 1.7, "url": "https://www.bouncycastle.org/jira/browse/bja-694" }, { "trust": 1.4, "url": "https://access.redhat.com/security/cve/cve-2018-1000180" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000180" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3csolr-user.lucene.apache.org%3e" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1000180" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3csolr-user.lucene.apache.org%3e" }, { "trust": 0.6, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10939" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-bouncy-castle-affects-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/79650" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-bouncy-castle-api-affect-ibm-license-metric-tool-v9/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-resilient-is-vulnerable-to-using-components-with-known-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042531" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152620/red-hat-security-advisory-2019-0877-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-bouncy-castle-vulnerabilities-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2561/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-bouncy-castle-as-used-by-ibm-qradar-siem-contains-multiple-vulnerabilities-cve-2018-1000613-cve-2017-13098-cve-2018-1000180/" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8039" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10862" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10237" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.5, 
"url": "https://access.redhat.com/security/cve/cve-2018-8039" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-10237" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-10862" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2017-12624" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12624" }, { "trust": 0.3, "url": "https://www.bouncycastle.org" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/327.html" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-4233" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60313" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/cybersource/cybersource-sdk-java" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1114" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10915" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10915" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2018-1067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1067" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/bouncycastle" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.2" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10912" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10912" } ], "sources": [ { "db": "VULHUB", "id": "VHN-119384" }, { "db": "VULMON", "id": "CVE-2018-1000180" }, { "db": "BID", "id": "106567" }, { "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "db": "PACKETSTORM", "id": "148942" }, { "db": "PACKETSTORM", "id": "149229" }, { "db": "PACKETSTORM", "id": "148288" }, { "db": "PACKETSTORM", "id": "148943" }, { "db": "PACKETSTORM", "id": "148944" }, { "db": "PACKETSTORM", "id": "148945" }, { "db": "CNNVD", "id": "CNNVD-201806-332" }, { "db": "NVD", "id": "CVE-2018-1000180" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-119384" }, { "db": "VULMON", "id": "CVE-2018-1000180" }, { "db": "BID", "id": "106567" }, { "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "db": "PACKETSTORM", "id": "148942" }, { "db": "PACKETSTORM", "id": "149229" }, { "db": "PACKETSTORM", "id": "148288" }, { "db": "PACKETSTORM", "id": "148943" }, { "db": "PACKETSTORM", "id": "148944" }, { "db": "PACKETSTORM", "id": "148945" }, { "db": "CNNVD", "id": "CNNVD-201806-332" }, { "db": "NVD", "id": "CVE-2018-1000180" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-06-05T00:00:00", "db": "VULHUB", "id": "VHN-119384" }, { "date": "2018-06-05T00:00:00", "db": "VULMON", "id": "CVE-2018-1000180" }, { "date": "2018-04-18T00:00:00", "db": "BID", "id": "106567" }, { "date": "2018-08-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "date": "2018-08-15T17:16:39", "db": "PACKETSTORM", "id": "148942" }, { "date": "2018-09-04T18:32:22", "db": "PACKETSTORM", "id": "149229" }, { "date": "2018-06-25T19:31:25", "db": "PACKETSTORM", "id": "148288" }, { "date": "2018-08-15T17:16:53", "db": "PACKETSTORM", "id": "148943" }, { "date": "2018-08-15T17:17:12", "db": "PACKETSTORM", "id": "148944" }, { "date": "2018-08-15T17:17:22", "db": "PACKETSTORM", "id": "148945" }, { "date": "2018-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201806-332" }, { "date": "2018-06-05T13:29:00.203000", "db": "NVD", "id": "CVE-2018-1000180" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-20T00:00:00", "db": "VULHUB", "id": "VHN-119384" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-1000180" }, { "date": "2019-07-17T07:00:00", "db": "BID", "id": "106567" }, { "date": "2018-08-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-006359" }, { "date": "2021-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201806-332" }, { "date": "2023-11-07T02:51:10.350000", "db": "NVD", "id": "CVE-2018-1000180" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-332" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Bouncy Castle BC and BC-FJA Cryptographic vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-006359" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-332" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0436">var-200904-0436</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. 
See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0436" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0436"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0436">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0436", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "5.6.2" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, 
"vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", 
"scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "db": "NVD", "id": "CVE-2009-1017" }, { "db": "CNNVD", "id": "CNNVD-200904-333" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:5.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1017" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-333" } ], "trust": 0.6 }, "cve": "CVE-2009-1017", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-1017", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1017", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-333", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "db": "NVD", "id": "CVE-2009-1017" }, { "db": "CNNVD", "id": "CNNVD-200904-333" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1017" }, { "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1017", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "OSVDB", "id": "53746", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001246", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200904-333", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1017" }, { "db": "CNNVD", "id": "CNNVD-200904-333" } ] }, "id": "VAR-200904-0436", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:49:06.931000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" }, { "title": "Oracle Application Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158167" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "db": "CNNVD", "id": "CNNVD-200904-333" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1017" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53746" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 
1.6, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1017" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1017" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.7, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": 
"http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1017" }, { "db": "CNNVD", "id": "CNNVD-200904-333" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1017" }, { "db": "CNNVD", "id": "CNNVD-200904-333" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:01.093000", "db": "NVD", "id": "CVE-2009-1017" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-333" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001246" }, { "date": "2021-07-28T18:40:37.757000", "db": "NVD", "id": "CVE-2009-1017" }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", 
"id": "CNNVD-200904-333" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-333" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of BI Publisher Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001246" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-333" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201202-0281">var-201202-0281</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do. (1) struts-examples/upload/upload-submit.do of name Parameters (2) struts-cookbook/processSimple.do of name Or message Parameters (3) struts-cookbook/processDyna.do of name Or message Parameters. Apache is a popular free open source web server that runs on a variety of Unix and Linux platforms and runs on Windows. 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201202-0281" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201202-0281"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201202-0281">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, 
"sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0281", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "eq", "trust": 3.3, "vendor": "apache", "version": "1.3.10" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { 
"model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9105" }, { "db": "BID", "id": "51900" }, { "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "db": "NVD", "id": "CVE-2012-1007" }, { "db": "CNNVD", "id": "CNNVD-201202-116" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-1007" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Antu Sanadi", "sources": [ { "db": "BID", "id": "51900" } ], "trust": 0.3 }, "cve": "CVE-2012-1007", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, 
"confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2012-1007", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2012-9105", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-1007", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2012-9105", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201202-116", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2012-1007", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9105" }, { "db": "VULMON", "id": "CVE-2012-1007" }, { "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "db": "NVD", "id": "CVE-2012-1007" }, { "db": "CNNVD", "id": "CNNVD-201202-116" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do. (1) struts-examples/upload/upload-submit.do of name Parameters (2) struts-cookbook/processSimple.do of name Or message Parameters (3) struts-cookbook/processDyna.do of name Or message Parameters. Apache is a popular free open source web server that runs on a variety of Unix and Linux platforms and runs on Windows. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks", "sources": [ { "db": "NVD", "id": "CVE-2012-1007" }, { "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "db": "CNVD", "id": "CNVD-2012-9105" }, { "db": "BID", "id": "51900" }, { "db": "VULMON", "id": "CVE-2012-1007" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18452", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-1007" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1007", "trust": 3.4 }, { "db": "BID", "id": "51900", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2012-001329", 
"trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2012-9105", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2355", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201202-116", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2012-1007", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9105" }, { "db": "VULMON", "id": "CVE-2012-1007" }, { "db": "BID", "id": "51900" }, { "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "db": "NVD", "id": "CVE-2012-1007" }, { "db": "CNNVD", "id": "CNNVD-201202-116" } ] }, "id": "VAR-201202-0281", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2012-9105" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9105" } ] }, "last_update_date": "2023-12-18T10:45:22.478000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache Struts", "trust": 0.8, "url": "http://struts.apache.org/" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - 
April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "vulnerable-app", "trust": 0.1, "url": "https://github.com/pctf/vulnerable-app " } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-1007" }, { "db": "JVNDB", "id": "JVNDB-2012-001329" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "db": "NVD", "id": "CVE-2012-1007" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.0, "url": "http://secpod.org/advisories/secpod_apache_struts_multiple_parsistant_xss_vulns.txt" }, { "trust": 1.0, "url": "http://secpod.org/blog/?p=450" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/51900" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73052" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1007" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1007" }, { "trust": 0.6, "url": "http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2012-1007" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10795183" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2355/" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9105" }, { "db": "BID", "id": "51900" }, { "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "db": "NVD", "id": "CVE-2012-1007" }, { "db": "CNNVD", "id": "CNNVD-201202-116" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2012-9105" }, { "db": "VULMON", "id": "CVE-2012-1007" }, { "db": "BID", "id": "51900" }, { "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "db": "NVD", "id": "CVE-2012-1007" }, { "db": "CNNVD", "id": "CNNVD-201202-116" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-09T00:00:00", "db": "CNVD", "id": "CNVD-2012-9105" }, { "date": "2012-02-07T00:00:00", "db": "VULMON", "id": "CVE-2012-1007" }, { "date": "2012-02-01T00:00:00", "db": "BID", "id": "51900" }, { "date": "2012-02-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "date": "2012-02-07T04:09:20.360000", "db": "NVD", "id": "CVE-2012-1007" }, { "date": "2012-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-116" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-09T00:00:00", "db": "CNVD", "id": "CNVD-2012-9105" }, { "date": "2018-10-17T00:00:00", "db": "VULMON", "id": "CVE-2012-1007" }, { "date": "2017-05-02T01:11:00", "db": "BID", "id": "51900" }, { "date": "2012-02-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001329" }, { "date": "2018-10-17T01:29:00.740000", "db": "NVD", "id": "CVE-2012-1007" }, { "date": "2019-07-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-116" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-116" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts Multiple Cross-Site Scripting Vulnerabilities", "sources": [ { "db": "CNVD", "id": "CNVD-2012-9105" }, { "db": "CNNVD", "id": "CNNVD-201202-116" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-116" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0261">var-200904-0261</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0978. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. 
----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. </p> <p>[Aggregation note: the SOLUTION and "Fixed in" lines above name GdFileConv.exe and Good Messaging Server for Exchange, so they appear to come from a separate Secunia advisory merged into this record rather than from guidance for Oracle Database. For the Workspace Manager issue described at the top of this entry, the remediation stated on this page is the Oracle Critical Patch Update of April 2009 (section III below).]</p> <p>The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. 
</p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0261" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0261"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0261">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0261", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { 
"model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { 
"model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { 
"model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001226" }, { "db": "CNNVD", "id": "CNNVD-200904-294" }, { "db": "NVD", "id": "CVE-2009-0975" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": 
"@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0975" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-294" } ], "trust": 0.6 }, "cve": "CVE-2009-0975", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", 
"version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0975", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0975", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-294", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2009-0975", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-0975" }, { "db": "JVNDB", "id": "JVNDB-2009-001226" }, { "db": "CNNVD", "id": "CNNVD-200904-294" }, { "db": "NVD", "id": "CVE-2009-0975" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0978. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0975" }, { "db": "JVNDB", "id": "JVNDB-2009-001226" }, { "db": "BID", "id": "34461" }, { "db": "VULMON", "id": "CVE-2009-0975" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0975", "trust": 2.8 }, { "db": "SECUNIA", "id": "34693", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.6 }, { "db": "OSVDB", "id": "53732", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.5 }, { "db": "BID", "id": "34461", "trust": 1.4 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001226", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-294", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "VULMON", "id": "CVE-2009-0975", "trust": 0.1 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-0975" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001226" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "CNNVD", "id": "CNNVD-200904-294" }, { "db": 
"NVD", "id": "CVE-2009-0975" } ] }, "id": "VAR-200904-0261", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2024-02-13T21:07:02.595000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001226" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0975" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 2.5, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.5, "url": "http://osvdb.org/53732" }, { "trust": 1.3, "url": 
"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0975" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0975" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": 
"http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-0975" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001226" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "CNNVD", "id": "CNNVD-200904-294" }, { "db": "NVD", "id": "CVE-2009-0975" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2009-0975" }, { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001226" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "CNNVD", "id": "CNNVD-200904-294" }, { "db": "NVD", "id": "CVE-2009-0975" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-15T00:00:00", "db": "VULMON", "id": "CVE-2009-0975" }, { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001226" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-294" }, { "date": "2009-04-15T10:30:00.360000", "db": "NVD", "id": "CVE-2009-0975" } ] }, "sources_update_date": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-22T00:00:00", "db": "VULMON", "id": "CVE-2009-0975" }, { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001226" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-294" }, { "date": "2016-11-22T16:13:19.677000", "db": "NVD", "id": "CVE-2009-0975" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-294" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Workspace Manager Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001226" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-294" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201112-0123">var-201112-0123</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting 
the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish calculates hash values for form parameters without restricting predictable hash collisions, resulting in a denial-of-service (CPU resource consumption) vulnerability. A third party can send a large number of crafted parameters to disrupt service operation (CPU resource consumption). Oracle GlassFish Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. Oracle GlassFish Server 3.1.1 and prior versions are vulnerable. Content-Disposition: inline</p> <p>==========================================================================Ubuntu Security Notice USN-1373-1 February 24, 2012</p> <h1>openjdk-6 vulnerabilities</h1> <p>A security issue affects these releases of Ubuntu and its derivatives:</p> <ul> <li>Ubuntu 11.10</li> <li>Ubuntu 11.04</li> <li>Ubuntu 10.10</li> <li>Ubuntu 10.04 LTS</li> </ul> <p>Summary:</p> <p>Multiple OpenJDK 6 vulnerabilities have been fixed. </p> <p>Software Description: - openjdk-6: Open Source Java implementation</p> <p>Details:</p> <p>It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035)</p> <p>ATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. 
This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. </p> <p>It was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563)</p> <p>It was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497)</p> <p>It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could use this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501)</p> <p>It was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502)</p> <p>It was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions. (CVE-2012-0503)</p> <p>It was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions. (CVE-2012-0505)</p> <p>It was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506)</p> <p>It was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. 
A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions. (CVE-2012-0507)</p> <p>Update instructions:</p> <p>The problem can be corrected by updating your system to the following package versions:</p> <p>Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10.2 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10.2 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10.2 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10.2 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10.2 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10.2</p> <p>Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.6-0ubuntu1 icedtea-6-jre-jamvm 6b22-1.10.6-0ubuntu1 openjdk-6-jre 6b22-1.10.6-0ubuntu1 openjdk-6-jre-headless 6b22-1.10.6-0ubuntu1 openjdk-6-jre-lib 6b22-1.10.6-0ubuntu1 openjdk-6-jre-zero 6b22-1.10.6-0ubuntu1</p> <p>Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.13-0ubuntu1~10.10.1 openjdk-6-jre 6b20-1.9.13-0ubuntu1~10.10.1 openjdk-6-jre-headless 6b20-1.9.13-0ubuntu1~10.10.1 openjdk-6-jre-lib 6b20-1.9.13-0ubuntu1~10.10.1 openjdk-6-jre-zero 6b20-1.9.13-0ubuntu1~10.10.1</p> <p>Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.13-0ubuntu1~10.04.1 openjdk-6-jre 6b20-1.9.13-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b20-1.9.13-0ubuntu1~10.04.1 openjdk-6-jre-lib 6b20-1.9.13-0ubuntu1~10.04.1 openjdk-6-jre-zero 6b20-1.9.13-0ubuntu1~10.04.1</p> <p>After a standard system update you need to restart any Java applications or applets to make all the necessary changes. </p> <p>Release Date: 2012-03-26 Last Updated: 2012-04-02</p> <hr /> <p>Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities</p> <p>Source: Hewlett-Packard Company, HP Software Security Response Team</p> <p>VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. 
</p> <p>SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier</p> <p>BACKGROUND</p> <h1>CVSS 2.0 Base Metrics</h1> <p>Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002</p> <p>RESOLUTION</p> <p>HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location</p> <p>http://www.hp.com/go/java</p> <p>HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.14 or subsequent</p> <p>MANUAL ACTIONS: Yes - Update For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent</p> <p>PRODUCT SPECIFIC INFORMATION</p> <p>HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa</p> <p>The following text is for use by the HP-UX Software Assistant. 
</p> <p>AFFECTED VERSIONS</p> <p>HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.14.00 or subsequent</p> <p>END AFFECTED VERSIONS</p> <p>HISTORY Version:1 (rev.1) 27 March 2012 Initial release Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score</p> <p>Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. </p> <p>Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. </p> <p>Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com</p> <p>Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins</p> <p>Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430</p> <p>Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/</p> <p>Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 
</p> <p>3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX</p> <p>Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. </p> <h1>Background</h1> <p>IcedTea is a distribution of the Java OpenJDK source code built with free build tools. </p> <p>CVE-2011-3377 The Iced Tea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name. This could lead to JVM crash or Java sandbox bypass. </p> <p>CVE-2012-0505 The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications. This could have been used to perform modification of the data that should have been immutable. </p> <p>For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 6b24-1.11.1-1. 
</p> <p>We recommend that you upgrade your openjdk-6 packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30</p> <hr /> <pre><code> http://security.gentoo.org/ </code></pre> <hr /> <p>Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30</p> <hr /> <h1>Synopsis</h1> <p>Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. </p> <h1>Affected packages</h1> <pre><code>------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- </code></pre> <p>1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages</p> <h1>Description</h1> <p>Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. </p> <h1>Impact</h1> <p>An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. 
Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. </p> <h1>Workaround</h1> <p>There is no known workaround at this time. </p> <h1>Resolution</h1> <p>All Oracle JDK 1.7 users should upgrade to the latest version:</p> <p># emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"</p> <p>All Oracle JRE 1.7 users should upgrade to the latest version:</p> <p># emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"</p> <p>All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:</p> <p># emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"</p> <p>All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. </p> <p>NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. 
</p> <h1>References</h1> <p>[ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] 
CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 
] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 
] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428</p> <h1>Availability</h1> <p>This GLSA and any updates to it are available for viewing at the Gentoo Security Website:</p> <p>http://security.gentoo.org/glsa/glsa-201401-30.xml</p> <h1>Concerns?</h1> <p>Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. </p> <h1>License</h1> <p>Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). </p> <p>The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. </p> <p>http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------</p> <p>Secunia is hiring!</p> <p>Find your next job here:</p> <p>http://secunia.com/company/jobs/</p> <hr /> <p>TITLE: Oracle Multiple Products Web Form Hash Collision Denial of Service Vulnerability</p> <p>SECUNIA ADVISORY ID: SA47819</p> <p>VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47819</p> <p>RELEASE DATE: 2012-02-01</p> <p>DISCUSS ADVISORY: http://secunia.com/advisories/47819/#comments</p> <p>AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)</p> <p>http://secunia.com/advisories/47819/</p> <p>ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS</p> <p>https://ca.secunia.com/?page=viewadvisory&vuln_id=47819</p> <p>ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING</p> 
<p>http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/</p> <p>DESCRIPTION: A vulnerability has been reported in multiple Oracle products, which can be exploited by malicious people to cause a DoS (Denial of Service). </p> <p>The vulnerability is caused due to an error within a hash generation function when hashing form posts and updating a hash table. </p> <p>The vulnerability is reported in the following products: * Oracle Application Server 10g Release 3 version 10.1.3.5.0. * Oracle iPlanet Web Server 7.0. * Oracle iPlanet Web Server (formerly Oracle Java System Web Server) 6.1. </p> <p>SOLUTION: Apply patch. </p> <p>Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/</p> <p>PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. </p> <p>ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html</p> <p>OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/</p> <p>DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/</p> <p>EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/</p> <p>EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/</p> <p>EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) 
http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. </p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /> <p>. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2012:0139-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0139.html Issue date: 2012-02-16 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. </p> <p>The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 
6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64</p> <ol> <li>Description:</li> </ol> <p>The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. </p> <p>This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506)</p> <p>All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously-released errata relevant to your system have been applied. </p> <p>This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259</p> <ol> <li>Bugs fixed (http://bugzilla.redhat.com/):</li> </ol> <p>788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment)</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Enterprise Linux AS version 4 Extras:</p> <p>i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm</p> <p>Red Hat Desktop version 4 Extras:</p> <p>i386: 
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm</p> <p>Red Hat Enterprise Linux ES version 4 Extras:</p> <p>i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm</p> <p>Red Hat Enterprise Linux WS version 4 Extras:</p> <p>i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm</p> <p>Red Hat Enterprise Linux Desktop 
Supplementary (v. 5):</p> <p>i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm</p> <p>Red Hat Enterprise Linux Server Supplementary (v. 5):</p> <p>i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm</p> <p>Red Hat Enterprise Linux Desktop Supplementary (v. 
6):</p> <p>i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm</p> <p>Red Hat Enterprise Linux HPC Node Supplementary (v. 6):</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm</p> <p>Red Hat Enterprise Linux Server Supplementary (v. 6):</p> <p>i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm</p> <p>Red Hat Enterprise Linux Workstation Supplementary (v. 
6):</p> <p>i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm</p> <p>x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package</p> <ol> <li>References:</li> </ol> <p>https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0498.html https://www.redhat.com/security/data/cve/CVE-2012-0499.html https://www.redhat.com/security/data/cve/CVE-2012-0500.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. 
More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)</p> <p>iD8DBQFPPVa5XlSAg2UNWIIRAn6xAJ932rg7KVwp+jyL7jwxMvOiZHAqtQCgmt4n dZEXYZPhMUvix7Sd5jUeKng= =Czkl -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201112-0123" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-201112-0123"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201112-0123">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, 
"problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0123", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "glassfish server", "scope": "eq", "trust": 2.7, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 2.7, "vendor": "oracle", "version": "2.1.1" }, { "model": "glassfish server", "scope": "eq", "trust": 1.7, "vendor": "oracle", "version": "3.1.1" }, { "model": "communications server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "2.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.3.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.2.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.0.2" }, { "model": "glassfish server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.1.1" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 30", "scope": null, "trust": 0.9, "vendor": 
"oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 
0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 
0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache tomcat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ruby", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "the php group", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.3" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.3" }, { "model": "java system web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10g r3 (10.1.3.5.0)" }, { "model": "iplanet web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7.0" }, { "model": "jrockit", "scope": "lte", "trust": 0.8, "vendor": "oracle", 
"version": "27.7.1" }, { "model": "jrockit", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "28.2.2" }, { "model": "sun java system application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.1" }, { "model": "sun java system application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.2" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11gr1 (10.3.3" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.3.5)" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12cr1 (12.1.1)" }, { "model": "hp xp p9000 performance advisor software", "scope": "lte", "trust": 0.8, "vendor": "hewlett packard", "version": "5.4.1" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": 
"base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": 
"ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "none" }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "plus developer / apworks / studio" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage form coordinator workflow", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": 
"interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage shunsaku data manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator cloud edition" }, { "model": "success server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop inspection", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker operation manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker runbook automation", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": 
null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.5.0" }, { "model": "jrockit r28.2.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java system web server sp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus studio web 
edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java ibm 64-bit sdk for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk and jre", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "java system web server sp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": 
"0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.10" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server 
j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iplanet web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.2" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", 
"scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": 
"redhat", "version": "6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": 
"redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server h06.25", "scope": null, 
"trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp8", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r27.7.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java system web server sp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": 
"linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "xp p9000 performance advisor", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5.5.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "java system web server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", 
"trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, 
"vendor": "redhat", "version": "6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "java ibm 31-bit sdk for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "communication manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "call management system r", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": 
"glassfish server ur1 po1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.3" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "weblogic server 11gr1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "iplanet webserver", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session 
manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "linux enterprise sdk sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "java system web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "virtual desktop infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": 
"glassfish server ur1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational synergy", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", 
"scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp3", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "application server 10g r3", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.1" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "xp p9000 performance advisor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.4.1" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server 
j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "jdk and jre", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0.1" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", 
"scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "call management system r", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": 
"aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "virtual desktop infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "conferencing standard edition", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux powerpc", "scope": "eq", 
"trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java system web server sp11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "java system web server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, 
{ "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "linux enterprise desktop sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational synergy", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr10", 
"scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-5035" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alexander Klink, n.runs AG and Julian W\u00e4lde, Technische Universit\u00e4t Darmstadt", "sources": [ { "db": "BID", "id": "51194" } ], "trust": 0.3 }, "cve": "CVE-2011-5035", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2011-5035", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-5035", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#903934", "trust": 0.8, "value": "10.80" }, { "author": "CNNVD", "id": "CNNVD-201112-502", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-5035", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "CNNVD", "id": 
"CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish calculates hash values for form parameters without restricting predictable hash collisions, which results in a denial-of-service (CPU resource consumption) vulnerability. A third party can send a large number of crafted parameters to disrupt service operation (CPU resource consumption). Oracle GlassFish Server is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. \nOracle GlassFish Server 3.1.1 and prior versions are vulnerable. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1373-1\nFebruary 24, 2012\n\nopenjdk-6 vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple OpenJDK 6 vulnerabilities have been fixed. 
\n\nSoftware Description:\n- openjdk-6: Open Source Java implementation\n\nDetails:\n\nIt was discovered that the Java HttpServer class did not limit the\nnumber of headers read from a HTTP request. A remote attacker could\ncause a denial of service by sending special requests that trigger\nhash collisions predictably. (CVE-2011-5035)\n\nATTENTION: this update changes previous Java HttpServer class behavior\nby limiting the number of request headers to 200. This may be increased\nby adjusting the sun.net.httpserver.maxReqHeaders property. \n\nIt was discovered that the Java Sound component did not properly\ncheck buffer boundaries. A remote attacker could use this to cause\na denial of service or view confidential data. (CVE-2011-3563)\n\nIt was discovered that the Java2D implementation does not properly\ncheck graphics rendering objects before passing them to the native\nrenderer. A remote attacker could use this to cause a denial of\nservice or to bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that an off-by-one error exists in the Java ZIP\nfile processing code. An attacker could use this to cause a denial of\nservice through a maliciously crafted ZIP file. (CVE-2012-0501)\n\nIt was discovered that the Java AWT KeyboardFocusManager did not\nproperly enforce keyboard focus security policy. A remote attacker\ncould use this with an untrusted application or applet to grab keyboard\nfocus and possibly expose confidential data. (CVE-2012-0502)\n\nIt was discovered that the Java TimeZone class did not properly enforce\nsecurity policy around setting the default time zone. A remote attacker\ncould use this with an untrusted application or applet to set a new\ndefault time zone and bypass Java sandbox restrictions. (CVE-2012-0503)\n\nIt was discovered the Java ObjectStreamClass did not throw\nan accurately identifiable exception when a deserialization\nfailure occurred. 
A remote attacker could use this with\nan untrusted application or applet to bypass Java sandbox\nrestrictions. (CVE-2012-0505)\n\nIt was discovered that the Java CORBA implementation did not properly\nprotect repository identifiers on certain CORBA objects. A remote\nattacker could use this to corrupt object data. (CVE-2012-0506)\n\nIt was discovered that the Java AtomicReferenceArray class\nimplementation did not properly check if an array was of\nthe expected Object[] type. A remote attacker could use this\nwith a malicious application or applet to bypass Java sandbox\nrestrictions. (CVE-2012-0507)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10.2\n icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10.2\n openjdk-6-jre 6b23~pre11-0ubuntu1.11.10.2\n openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10.2\n openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10.2\n openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10.2\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b22-1.10.6-0ubuntu1\n icedtea-6-jre-jamvm 6b22-1.10.6-0ubuntu1\n openjdk-6-jre 6b22-1.10.6-0ubuntu1\n openjdk-6-jre-headless 6b22-1.10.6-0ubuntu1\n openjdk-6-jre-lib 6b22-1.10.6-0ubuntu1\n openjdk-6-jre-zero 6b22-1.10.6-0ubuntu1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b20-1.9.13-0ubuntu1~10.10.1\n openjdk-6-jre 6b20-1.9.13-0ubuntu1~10.10.1\n openjdk-6-jre-headless 6b20-1.9.13-0ubuntu1~10.10.1\n openjdk-6-jre-lib 6b20-1.9.13-0ubuntu1~10.10.1\n openjdk-6-jre-zero 6b20-1.9.13-0ubuntu1~10.10.1\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b20-1.9.13-0ubuntu1~10.04.1\n openjdk-6-jre 6b20-1.9.13-0ubuntu1~10.04.1\n openjdk-6-jre-headless 6b20-1.9.13-0ubuntu1~10.04.1\n openjdk-6-jre-lib 6b20-1.9.13-0ubuntu1~10.04.1\n openjdk-6-jre-zero 6b20-1.9.13-0ubuntu1~10.04.1\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. 
\n\nRelease Date: 2012-03-26\nLast Updated: 2012-04-02\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. 
\nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.14 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.14.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 27 March 2012 Initial release\nVersion:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. 
\n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
\n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. \n\nCVE-2011-3377\n\tThe Iced Tea browser plugin included in the openjdk-6 package\n\tdoes not properly enforce the Same Origin Policy on web content\n\tserved under a domain name which has a common suffix with the\n\trequired domain name. \n\tThis could lead to JVM crash or Java sandbox bypass. \n\nCVE-2012-0505\n\tThe Java serialization code leaked references to serialization\n\texceptions, possibly leaking critical objects to untrusted\n\tcode in Java applets and applications. This could\n\thave been used to perform modification of the data that should\n\thave been immutable. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 6b24-1.11.1-1. \n\nWe recommend that you upgrade your openjdk-6 packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201401-30\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: January 27, 2014\n Bugs: #404071, #421073, #433094, #438706, #451206, #455174,\n #458444, #460360, #466212, #473830, #473980, #488210, #498148\n ID: 201401-30\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jdk \u003c= 1.6.0.45 Vulnerable!\n 2 dev-java/oracle-jdk-bin \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n 3 dev-java/sun-jre-bin \u003c= 1.6.0.45 Vulnerable!\n 4 dev-java/oracle-jre-bin \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n 5 app-emulation/emul-linux-x86-java\n \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 5 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities\nto execute arbitrary code. \nFurthermore, a local or remote attacker could exploit these\nvulnerabilities to cause unspecified impact, possibly including remote\nexecution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.7.0.51\"\n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.7.0.51\"\n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.7.0.51\"\n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one\nof the newer Oracle packages like dev-java/oracle-jdk-bin or\ndev-java/oracle-jre-bin or choose another alternative we provide; eg. \nthe IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \n\nReferences\n==========\n\n[ 1 ] CVE-2011-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[ 2 ] CVE-2011-5035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[ 3 ] CVE-2012-0497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[ 4 ] CVE-2012-0498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498\n[ 5 ] CVE-2012-0499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499\n[ 6 ] CVE-2012-0500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500\n[ 7 ] CVE-2012-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[ 8 ] CVE-2012-0502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[ 9 ] CVE-2012-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[ 10 ] CVE-2012-0504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504\n[ 11 ] CVE-2012-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[ 12 ] CVE-2012-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[ 13 ] CVE-2012-0507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507\n[ 14 ] CVE-2012-0547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[ 15 ] CVE-2012-1531\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531\n[ 16 ] CVE-2012-1532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532\n[ 17 ] CVE-2012-1533\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533\n[ 18 ] CVE-2012-1541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541\n[ 19 ] CVE-2012-1682\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682\n[ 20 ] CVE-2012-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[ 21 ] CVE-2012-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[ 22 ] CVE-2012-1716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[ 23 ] CVE-2012-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[ 24 ] CVE-2012-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[ 25 ] CVE-2012-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[ 26 ] CVE-2012-1721\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721\n[ 27 ] CVE-2012-1722\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722\n[ 28 ] CVE-2012-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[ 29 ] CVE-2012-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[ 30 ] CVE-2012-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[ 31 ] CVE-2012-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[ 32 ] CVE-2012-3136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136\n[ 33 ] CVE-2012-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143\n[ 34 ] CVE-2012-3159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159\n[ 35 ] CVE-2012-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174\n[ 36 ] CVE-2012-3213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213\n[ 37 ] CVE-2012-3216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[ 38 ] CVE-2012-3342\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342\n[ 39 ] CVE-2012-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[ 40 ] CVE-2012-4681\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681\n[ 41 ] CVE-2012-5067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067\n[ 42 ] CVE-2012-5068\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[ 43 ] CVE-2012-5069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[ 44 ] CVE-2012-5070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[ 45 ] CVE-2012-5071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[ 46 ] CVE-2012-5072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[ 47 ] CVE-2012-5073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[ 48 ] CVE-2012-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[ 49 ] CVE-2012-5075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[ 50 ] CVE-2012-5076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[ 51 ] CVE-2012-5077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[ 52 ] CVE-2012-5079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079\n[ 53 ] CVE-2012-5081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[ 54 ] CVE-2012-5083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083\n[ 55 ] CVE-2012-5084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[ 56 ] CVE-2012-5085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[ 57 ] CVE-2012-5086\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[ 58 ] CVE-2012-5087\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[ 59 ] CVE-2012-5088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088\n[ 60 ] CVE-2012-5089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[ 61 ] CVE-2013-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[ 62 ] CVE-2013-0351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351\n[ 63 ] CVE-2013-0401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[ 64 ] CVE-2013-0402\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402\n[ 65 ] CVE-2013-0409\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409\n[ 66 ] CVE-2013-0419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419\n[ 67 ] CVE-2013-0422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422\n[ 68 ] CVE-2013-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423\n[ 69 ] CVE-2013-0430\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430\n[ 70 ] CVE-2013-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437\n[ 71 ] CVE-2013-0438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438\n[ 72 ] CVE-2013-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445\n[ 73 ] CVE-2013-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446\n[ 74 ] CVE-2013-0448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448\n[ 75 ] CVE-2013-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449\n[ 76 ] CVE-2013-0809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[ 77 ] CVE-2013-1473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473\n[ 78 ] CVE-2013-1479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479\n[ 79 ] CVE-2013-1481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481\n[ 80 ] CVE-2013-1484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[ 81 ] CVE-2013-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[ 82 ] CVE-2013-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[ 83 ] CVE-2013-1487\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487\n[ 84 ] CVE-2013-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[ 85 ] CVE-2013-1491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491\n[ 86 ] CVE-2013-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[ 87 ] CVE-2013-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[ 88 ] CVE-2013-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[ 89 ] CVE-2013-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[ 90 ] CVE-2013-1540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540\n[ 91 ] CVE-2013-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[ 92 ] CVE-2013-1558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558\n[ 93 ] CVE-2013-1561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561\n[ 94 ] CVE-2013-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563\n[ 95 ] CVE-2013-1564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564\n[ 96 ] CVE-2013-1569\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[ 97 ] CVE-2013-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[ 98 ] CVE-2013-2383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[ 99 ] CVE-2013-2384\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 100 ] CVE-2013-2394\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394\n[ 101 ] CVE-2013-2400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400\n[ 102 ] CVE-2013-2407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 103 ] CVE-2013-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 104 ] CVE-2013-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414\n[ 105 ] CVE-2013-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 106 ] CVE-2013-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416\n[ 107 ] CVE-2013-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 108 ] CVE-2013-2418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418\n[ 109 ] CVE-2013-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 110 ] CVE-2013-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 111 ] CVE-2013-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 112 ] CVE-2013-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 113 ] CVE-2013-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 114 ] CVE-2013-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 115 ] CVE-2013-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425\n[ 116 ] CVE-2013-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 117 ] CVE-2013-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427\n[ 118 ] CVE-2013-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428\n[ 119 ] CVE-2013-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 120 ] CVE-2013-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 121 ] CVE-2013-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 122 ] CVE-2013-2432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432\n[ 
123 ] CVE-2013-2433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433\n[ 124 ] CVE-2013-2434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434\n[ 125 ] CVE-2013-2435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435\n[ 126 ] CVE-2013-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 127 ] CVE-2013-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437\n[ 128 ] CVE-2013-2438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438\n[ 129 ] CVE-2013-2439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439\n[ 130 ] CVE-2013-2440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440\n[ 131 ] CVE-2013-2442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442\n[ 132 ] CVE-2013-2443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 133 ] CVE-2013-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 134 ] CVE-2013-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 135 ] CVE-2013-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 136 ] CVE-2013-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 137 ] CVE-2013-2448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 138 ] CVE-2013-2449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 139 ] CVE-2013-2450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 140 ] CVE-2013-2451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 141 ] CVE-2013-2452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 142 ] CVE-2013-2453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 143 ] CVE-2013-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 144 ] CVE-2013-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 145 ] CVE-2013-2456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 146 ] CVE-2013-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 147 ] CVE-2013-2458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 148 ] CVE-2013-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 149 ] CVE-2013-2460\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 150 ] CVE-2013-2461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 151 ] CVE-2013-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462\n[ 152 ] CVE-2013-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 153 ] CVE-2013-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464\n[ 154 ] CVE-2013-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 155 ] CVE-2013-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466\n[ 156 ] CVE-2013-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467\n[ 157 ] CVE-2013-2468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468\n[ 158 ] CVE-2013-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 159 ] CVE-2013-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 160 ] CVE-2013-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 161 ] CVE-2013-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 162 ] CVE-2013-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 163 ] CVE-2013-3743\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743\n[ 164 ] CVE-2013-3744\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744\n[ 165 ] CVE-2013-3829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 166 ] CVE-2013-5772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 167 ] CVE-2013-5774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 168 ] CVE-2013-5775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775\n[ 169 ] CVE-2013-5776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776\n[ 170 ] CVE-2013-5777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777\n[ 171 ] CVE-2013-5778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 172 ] CVE-2013-5780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 173 ] CVE-2013-5782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 174 ] CVE-2013-5783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 175 ] CVE-2013-5784\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 176 ] CVE-2013-5787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787\n[ 177 ] CVE-2013-5788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788\n[ 178 ] CVE-2013-5789\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789\n[ 179 ] CVE-2013-5790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 180 ] CVE-2013-5797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 181 ] CVE-2013-5800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 182 ] CVE-2013-5801\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801\n[ 183 ] CVE-2013-5802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 184 ] CVE-2013-5803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 185 ] CVE-2013-5804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 186 ] CVE-2013-5805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 187 ] CVE-2013-5806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 188 ] CVE-2013-5809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 189 ] CVE-2013-5810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810\n[ 190 ] CVE-2013-5812\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812\n[ 191 ] CVE-2013-5814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 192 ] CVE-2013-5817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 193 ] CVE-2013-5818\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818\n[ 194 ] CVE-2013-5819\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819\n[ 195 ] CVE-2013-5820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 196 ] CVE-2013-5823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 197 ] CVE-2013-5824\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824\n[ 198 ] CVE-2013-5825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 199 ] CVE-2013-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 200 ] CVE-2013-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 201 ] CVE-2013-5831\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831\n[ 202 ] CVE-2013-5832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832\n[ 203 ] CVE-2013-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838\n[ 204 ] CVE-2013-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 205 ] CVE-2013-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 206 ] CVE-2013-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843\n[ 207 ] CVE-2013-5844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844\n[ 208 ] CVE-2013-5846\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846\n[ 209 ] CVE-2013-5848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848\n[ 210 ] CVE-2013-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 211 ] CVE-2013-5850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 212 ] CVE-2013-5851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 213 ] CVE-2013-5852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852\n[ 214 ] CVE-2013-5854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854\n[ 215 ] CVE-2013-5870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870\n[ 216 ] CVE-2013-5878\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878\n[ 217 ] CVE-2013-5887\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887\n[ 218 ] CVE-2013-5888\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888\n[ 219 ] CVE-2013-5889\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889\n[ 220 ] CVE-2013-5893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893\n[ 221 ] CVE-2013-5895\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895\n[ 222 ] CVE-2013-5896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896\n[ 223 ] CVE-2013-5898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898\n[ 224 ] CVE-2013-5899\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899\n[ 225 ] CVE-2013-5902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902\n[ 226 ] CVE-2013-5904\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904\n[ 227 ] CVE-2013-5905\n 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905\n[ 228 ] CVE-2013-5906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906\n[ 229 ] CVE-2013-5907\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907\n[ 230 ] CVE-2013-5910\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910\n[ 231 ] CVE-2014-0368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368\n[ 232 ] CVE-2014-0373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373\n[ 233 ] CVE-2014-0375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375\n[ 234 ] CVE-2014-0376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376\n[ 235 ] CVE-2014-0382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382\n[ 236 ] CVE-2014-0385\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385\n[ 237 ] CVE-2014-0387\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387\n[ 238 ] CVE-2014-0403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403\n[ 239 ] CVE-2014-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408\n[ 240 ] CVE-2014-0410\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410\n[ 241 ] CVE-2014-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411\n[ 242 ] CVE-2014-0415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415\n[ 243 ] CVE-2014-0416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416\n[ 244 ] CVE-2014-0417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417\n[ 245 ] CVE-2014-0418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418\n[ 246 ] CVE-2014-0422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422\n[ 247 ] CVE-2014-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423\n[ 248 ] CVE-2014-0424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424\n[ 249 ] CVE-2014-0428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-30.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of 
our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Multiple Products Web Form Hash Collision Denial of Service\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA47819\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47819/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819\n\nRELEASE DATE:\n2012-02-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47819/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47819/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in multiple Oracle products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). 
\n\nThe vulnerability is caused due to an error within a hash generation\nfunction when hashing form posts and updating a hash table. \n\nThe vulnerability is reported in the following products:\n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n* Oracle iPlanet Web Server 7.0. \n* Oracle iPlanet Web Server (formerly Oracle Java System Web Server)\n6.1. \n\nSOLUTION:\nApply patch. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2012:0139-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0139.html\nIssue date: 2012-02-16\nCVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 \n CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 \n CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 \n CVE-2012-0505 CVE-2012-0506 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 
6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit. \n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. (CVE-2011-3563,\nCVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500,\nCVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide JDK and JRE 6 Update 31 and resolve these issues. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. 
Bugs fixed (http://bugzilla.redhat.com/):\n\n788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)\n788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)\n788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)\n788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)\n789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)\n789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)\n789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)\n789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)\n790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)\n790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)\n790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment)\n\n6. 
Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 
Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 
5):\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 
6):\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 
6):\n\ni386:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3571.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5035.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0498.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0499.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0500.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0501.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0502.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0503.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0505.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0506.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html\nhttp://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPPVa5XlSAg2UNWIIRAn6xAJ932rg7KVwp+jyL7jwxMvOiZHAqtQCgmt4n\ndZEXYZPhMUvix7Sd5jUeKng=\n=Czkl\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. HP has updated the Apache Tomcat and Oracle database software to\naddress vulnerabilities affecting confidentiality, availability, and\nintegrity", "sources": [ { "db": "NVD", "id": "CVE-2011-5035" }, { "db": "CERT/CC", "id": "VU#903934" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "BID", "id": "51194" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111624" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "110284" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "109834" }, { "db": "PACKETSTORM", "id": "125436" } ], "trust": 3.6 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-5035" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-5035", "trust": 3.8 }, { "db": "CERT/CC", "id": "VU#903934", "trust": 3.3 }, { 
"db": "OCERT", "id": "OCERT-2011-003", "trust": 2.8 }, { "db": "SECUNIA", "id": "48589", "trust": 1.1 }, { "db": "SECUNIA", "id": "57126", "trust": 1.1 }, { "db": "SECUNIA", "id": "48073", "trust": 1.1 }, { "db": "SECUNIA", "id": "48074", "trust": 1.1 }, { "db": "SECUNIA", "id": "48950", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2011-003567", "trust": 0.8 }, { "db": "NSFOCUS", "id": "19347", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19290", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201112-502", "trust": 0.6 }, { "db": "BID", "id": "51194", "trust": 0.4 }, { "db": "HITACHI", "id": "HS12-007", "trust": 0.3 }, { "db": "SECUNIA", "id": "47819", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "2012", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2011-5035", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111624", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110284", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112144", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113170", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "124943", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109353", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109834", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125436", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111624" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "110284" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "109834" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "CNNVD", "id": 
"CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "id": "VAR-201112-0123", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.26205936 }, "last_update_date": "2024-07-23T20:42:32.055000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5228", "trust": 0.8, "url": "http://support.apple.com/kb/ht5228" }, { "title": "HT1338", "trust": 0.8, "url": "http://support.apple.com/kb/ht1338?viewlocale=ja_jp" }, { "title": "HT5228", "trust": 0.8, "url": "http://support.apple.com/kb/ht5228?viewlocale=ja_jp" }, { "title": "HS12-007", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-007/index.html" }, { "title": "HPSBST02955 SSRT101157", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04047415" }, { "title": "Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "title": "Oracle Security Alert for CVE-2011-5035", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "title": "January 2012 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/january_2012_critical_patch_update" }, { "title": "January 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2013_critical_patch_update" }, { "title": "interstage_as_201201", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html" }, { "title": "HS12-007", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-007/index.html" }, { "title": "Red Hat: Important: java-1.6.0-openjdk security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120322 - security advisory" }, { "title": "Red Hat: Critical: java-1.6.0-openjdk security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120135 - security advisory" }, { "title": "Red Hat: Critical: java-1.6.0-sun security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120139 - security advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120514 - security advisory" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1373-2" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1373-1" }, { "title": "Amazon Linux AMI: ALAS-2012-043", 
"trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-043" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20131455 - security advisory" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/oracle-patches-88-vulnerabilities-including-some-allow-remote-exploits-without-authentication/76457/" }, { "title": "welivesecurity", "trust": 0.1, "url": "https://www.welivesecurity.com/2012/04/05/mac-flashback-trojan-java-update/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "trust": 2.8, "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/903934" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0514.html" }, { "trust": 1.1, "url": 
"https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48589" }, { "trust": 1.1, "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48950" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2420" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57126" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133364885411663\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133847939902305\u0026w=2" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16908" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48073" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48074" }, { "trust": 0.8, "url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf" }, { "trust": 0.8, "url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx" }, { "trust": 0.8, "url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx" }, { "trust": 0.8, "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606" }, { "trust": 0.8, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5035" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu903934" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu514315/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5035" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035" }, { "trust": 0.7, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0497" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19347" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19290" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0500" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498" }, { "trust": 0.4, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html" }, { "trust": 0.4, "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" }, { "trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03350339" }, { "trust": 0.3, "url": "http://www.oracle.com/us/products/middleware/application-server/oracle-glassfish-server/index.html" }, { 
"trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59971" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59978" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100159245" }, { "trust": 0.3, "url": "http://downloads.avaya.com/css/p8/documents/100160575" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100160941" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1332960372864.876444892.199480143" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1333452463922.876444892.492883150" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-007/index.html" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0504" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "http://www.hp.com/go/java" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.2, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.2, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" 
}, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.2, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.2, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.2, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.2, "url": "http://security.gentoo.org/" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.2, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/51194" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0322" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1373-2/" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/2012/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=25553" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1373-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.6-0ubuntu1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.13-0ubuntu1~10.10.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.13-0ubuntu1~10.04.1" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0507" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5818" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1541" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5889" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0385" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2437" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3743" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5893" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3159" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3174" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5888" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0373" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5789" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0504" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1682" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5899" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5801" 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5832" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5848" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1533" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2400" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3143" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0438" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5810" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5905" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201401-30.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5904" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5831" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3744" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5854" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2394" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0498" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5777" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0547" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0499" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0409" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1532" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4681" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5083" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0375" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2439" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0376" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5824" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3342" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1531" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0417" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5819" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1722" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5895" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2418" }, 
{ "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5788" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5887" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0418" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0410" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0368" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2425" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1722" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5902" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1533" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2438" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1721" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0382" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5812" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3213" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5846" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5775" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5787" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1531" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1481" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5844" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1532" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1491" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5910" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5907" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5843" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1682" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5079" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1721" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1479" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2434" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5878" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0408" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0402" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5838" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5088" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47819/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47819/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3571.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0139.html" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2008-2370" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0002" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "http://www.hp.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111624" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "110284" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "109834" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111624" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "110284" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "109834" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-28T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2011-12-30T00:00:00", "db": "VULMON", "id": "CVE-2011-5035" }, { "date": "2011-12-29T00:00:00", "db": 
"BID", "id": "51194" }, { "date": "2012-01-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "date": "2012-02-24T22:58:36", "db": "PACKETSTORM", "id": "110181" }, { "date": "2012-04-06T02:06:18", "db": "PACKETSTORM", "id": "111624" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2012-02-29T16:03:17", "db": "PACKETSTORM", "id": "110284" }, { "date": "2012-04-25T02:09:03", "db": "PACKETSTORM", "id": "112144" }, { "date": "2012-06-01T00:12:35", "db": "PACKETSTORM", "id": "113170" }, { "date": "2014-01-27T18:30:13", "db": "PACKETSTORM", "id": "124943" }, { "date": "2012-02-02T03:30:52", "db": "PACKETSTORM", "id": "109353" }, { "date": "2012-02-17T02:33:53", "db": "PACKETSTORM", "id": "109834" }, { "date": "2014-02-26T22:39:24", "db": "PACKETSTORM", "id": "125436" }, { "date": "2011-12-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-502" }, { "date": "2011-12-30T01:55:01.640000", "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-5035" }, { "date": "2015-04-13T21:24:00", "db": "BID", "id": "51194" }, { "date": "2015-03-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "date": "2012-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-502" }, { "date": "2018-01-06T02:29:26.690000", "db": "NVD", "id": "CVE-2011-5035" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111624" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "CNNVD", "id": "CNNVD-201112-502" } ], "trust": 0.9 }, "title": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hash table implementations vulnerable to algorithmic complexity attacks", "sources": [ { "db": "CERT/CC", "id": "VU#903934" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201112-502" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201801-0036">var-201801-0036</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery is an open-source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies interaction between HTML and JavaScript, and it is modular and extensible through plug-ins. A cross-site scripting vulnerability exists in jQuery versions prior to 3.0.0. The vulnerability stems from a lack of proper validation of client-supplied data in web applications. An attacker could exploit this vulnerability to execute code on the client side. 8) - aarch64, noarch, ppc64le, s390x, x86_64</p> <ol> <li>Description:</li> </ol> <p>The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 
Description:</p> <p>Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Installation instructions are located in the download section of the customer portal. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Moderate: ipa security, bug fix, and enhancement update Advisory ID: RHSA-2020:3936-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3936 Issue date: 2020-09-29 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2019-11358 CVE-2020-1722 CVE-2020-11022 ==================================================================== 1. Summary:</p> <p>An update for ipa is now available for Red Hat Enterprise Linux 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 
7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. </p> <p>The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)</p> <p>Security Fix(es):</p> <ul> <li> <p>js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)</p> </li> <li> <p>bootstrap: XSS in the data-target attribute (CVE-2016-10735)</p> </li> <li> <p>bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)</p> </li> <li> <p>bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)</p> </li> <li> <p>bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)</p> </li> <li> <p>bootstrap: XSS in the affix configuration target property (CVE-2018-20677)</p> </li> <li> <p>bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)</p> </li> <li> <p>js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)</p> </li> <li> <p>jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)</p> </li> <li> <p>ipa: No password length restriction leads to denial of service (CVE-2020-1722)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
</p> <p>Additional Changes:</p> <p>For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1404770 - ID Views: do not allow custom Views for the masters 1545755 - ipa-replica-prepare should not update pki admin password. 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection 1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6 1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client 1756568 - ipa-server-certinstall man page does not match built-in help. 1758406 - KRA authentication fails when IPA CA has custom Subject DN 1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements 1771356 - Default client configuration breaks ssh in FIPS mode. 
1780548 - Man page ipa-cacert-manage does not display correctly on RHEL 1782587 - add "systemctl restart sssd" to warning message when adding trust agents to replicas 1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd 1788907 - Renewed certs are not picked up by IPA CAs 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1795890 - ipa-pkinit-manage enable fails on replica if it doesn't host the CA 1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems 1817886 - ipa group-add-member: prevent adding IPA objects as external members 1817918 - Secure tomcat AJP connector 1817919 - Enable compat tree to provide information about AD users and groups on trust agents 1817922 - covscan memory leaks report 1817923 - IPA upgrade is failing with error "Failed to get request: bus, object_path and dbus_interface must not be None." 1817927 - host-add --password logs cleartext userpassword to Apache error log 1819725 - Rebase IPA to latest 4.6.x version 1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1829787 - ipa service-del deletes the required principal when specified in lower/upper case 1834385 - Man page syntax issue detected by rpminspect 1842950 - ipa-adtrust-install fails when replica is offline</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Enterprise Linux Client (v. 7):</p> <p>Source: ipa-4.6.8-5.el7.src.rpm</p> <p>noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm</p> <p>x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm</p> <p>Red Hat Enterprise Linux Client Optional (v. 
7):</p> <p>noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm</p> <p>x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm</p> <p>Red Hat Enterprise Linux ComputeNode (v. 7):</p> <p>Source: ipa-4.6.8-5.el7.src.rpm</p> <p>noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm</p> <p>x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm</p> <p>Red Hat Enterprise Linux ComputeNode Optional (v. 7):</p> <p>noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm</p> <p>x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm</p> <p>Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: ipa-4.6.8-5.el7.src.rpm</p> <p>noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm</p> <p>ppc64: ipa-client-4.6.8-5.el7.ppc64.rpm ipa-debuginfo-4.6.8-5.el7.ppc64.rpm</p> <p>ppc64le: ipa-client-4.6.8-5.el7.ppc64le.rpm ipa-debuginfo-4.6.8-5.el7.ppc64le.rpm</p> <p>s390x: ipa-client-4.6.8-5.el7.s390x.rpm ipa-debuginfo-4.6.8-5.el7.s390x.rpm</p> <p>x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm</p> <p>Red Hat Enterprise Linux Workstation (v. 
7):</p> <p>Source: ipa-4.6.8-5.el7.src.rpm</p> <p>noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm</p> <p>x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBX3Of/9zjgjWX9erEAQjmHBAAi+u4CgMbaduuYvMAMbNKqT/0X8Y02udQ maW4rfZ6udfHWJ21h1VlD/INXHB3sBFC2vpXsgJD7dTkUsZYIx73LrQFkakTzIWc xSQalxNs+Fjh/ot/JMiKQzQUmZeu/vUYgVB81y+hczg5dys3q1mnu42GWe18sJIc FCY2R3mBTnFUZoc/3JDHeVRJU8eq51oqRgNaz+Fl+CoFkR81P6mD8wybIIAsBx14 Ykya/awQf+OuBCe5tqfTV1+KS2U4+tqiqapzALt7dhjfA9Jayc9/UvQjGCyrmGvP +BBBPSqGOS81jpPo0ouM3OtadWrGAWERMwtrR+POUp1rnMxy2kI0EpebnzSOtJy2 xExPZtcTjjgWvIMDdrJJ5DXG6cP5j3GjyvFknmCtCqvXzo90gw73psi6roG+g/a8 UyML+be8jnJK7571X3dz6OCYBExaHqM21ukUEfdvddszhw92J3fxmDm5+picETB9 dZ++VtV1lCBOlKW1SDG/ggk7PeSRGTDL5IkekopO1w89r3QsfqyFudlsNT0dDgk7 8Kzn8YpCWln1Kp0UbVushKRT+KllZRTKzXTBfiEWiYtQiwyL9zj/DrxagXXbiPe7 5mZnk62sAdKya3On4ejgPQ8Nq8oKHzRfaig/CNaNiB00HgZcRdQokPQ9+DRnkdNS UR3S5ZAZvb8=SWQt -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Hello,</p> <p>I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable open source dependencies. 
</p> <p>Full security write up: http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/</p> <p>The details:</p> <hr /> <p>/ROOT/html/js/scriptaculous/prototype.js</p> <p>↳ prototypejs 1.5.0 prototypejs 1.5.0 has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/ http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/</p> <p>ROOT/assets/3/6/36c22c5d-c813-4869-a4b7-fcc10a74e8b6/fileAsset/jquery.min.js</p> <p>↳ jquery 1.9.1 jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</p> <p>ROOT/assets/5/1/515cba4e-ac64-4523-b683-8e38329e7f46/fileAsset/bootstrap.min.js ↳ bootstrap 3.2.0 bootstrap 3.2.0 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: 
medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/bootstrap/issues/20184</p> <p>ROOT/assets/9/9/99c7ffe7-e1c2-407f-85b7-ec483dbcf6f1/fileAsset/jquery.min.js ↳ jquery 3.3.1 jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</p> <p>ROOT/assets/f/6/f6fa6b13-3a96-4cbf-9a75-19a40137f05a/fileAsset/jquery.min.js</p> <p>↳ jquery 1.9.1 jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</p> <p>ROOT/assets/4/a/4a5a727f-369b-49e0-bff5-42d9efb4ba90/fileAsset/jquery-2.1.1.min.js</p> <p>↳ jquery 2.1.1.min 
jquery 2.1.1.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b</p> <p>ROOT/html/js/dojo/custom-build/dojo/dojo.js</p> <p>↳ dojo 1.8.6 dojo 1.8.6 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released</p> <p>ROOT/html/js/tinymce/js/tinymce/tinymce.min.js</p> <p>↳ tinyMCE 4.1.6 tinyMCE 4.1.6 has known vulnerabilities: severity: medium; summary: xss issues with media plugin not properly filtering out some script attributes.; https://www.tinymce.com/docs/changelog/ severity: medium; summary: FIXED so script elements gets removed by default to prevent possible XSS issues in default config implementations; https://www.tinymce.com/docs/changelog/ severity: medium; summary: FIXED so links with xlink:href attributes are filtered correctly to prevent XSS.; https://www.tinymce.com/docs/changelog/ . Solution:</p> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. 
JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001</p> <p>7</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201801-0036" 
class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="collapse" id="collapseJsonvar-201801-0036"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201801-0036">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0036", "affected_products": 
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "agile product lifecycle management for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.3.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "business process management suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.1" }, { "model": "utilities framework", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.1" }, { "model": "retail workforce management software", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.64.0" }, { "model": "agile product lifecycle management for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.3.0" }, { "model": "retail invoice matching", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications services gatekeeper", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "6.1.0.4.0" }, { "model": "financial services market risk measurement and management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.5" }, { "model": "financial services profitability 
management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.4" }, { "model": "communications webrtc session controller", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.2" }, { "model": "financial services asset liability management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "communications converged application server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.0.0.1" }, { "model": "hospitality materials control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "jquery", "scope": "lt", "trust": 1.0, "vendor": "jquery", "version": "3.0.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.55" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "retail allocation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.2" }, { "model": "financial services funds transfer pricing", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "healthcare foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.2" }, { "model": "webcenter sites", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.8.0" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.2" }, { "model": "financial services reconciliation framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "agile product lifecycle management for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.2.0" }, { "model": "primavera gateway", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "siebel ui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.10" }, { "model": "retail workforce management software", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.60.9" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.1" }, { "model": "business process management suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "healthcare translational research", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.1.0" }, { "model": "insurance insbridge rating and underwriting", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.5" }, { "model": "utilities mobile workforce management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.3.0" }, { "model": "agile product lifecycle management for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.1.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.3.3" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "enterprise operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0" }, { "model": "hospitality guest access", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.56" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "business 
process management suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "financial services data integration hub", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.5" }, { "model": "financial services funds transfer pricing", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.4" }, { "model": "fusion middleware mapviewer", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "hospitality cruise fleet management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0.11" }, { "model": "financial services liquidity risk management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "financial services hedge management and ifrs valuations", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "agile product lifecycle management for process", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "financial services loan loss forecasting and provisioning", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "enterprise operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "healthcare foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "financial services profitability management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services market risk measurement and management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "financial services liquidity risk management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.2" }, { "model": 
"financial services loan loss forecasting and provisioning", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "banking platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.6.0" }, { "model": "insurance insbridge rating and underwriting", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.4" }, { "model": "financial services hedge management and ifrs valuations", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.4" }, { "model": "service bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.1.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3" }, { "model": "service bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "real-time scheduler", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.3.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "siebel ui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.11" }, { "model": "financial services data integration hub", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": "utilities framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.3.0.4" }, { "model": "financial services asset liability management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.4" }, { "model": "financial 
services reconciliation framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.5" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "oss support tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2" }, { "model": "hospitality reporting and analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2" }, { "model": "insurance insbridge rating and underwriting", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.2" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "hospitality guest access", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2.1" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2015-9251" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.3.0.4", "versionStartIncluding": "4.3.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.6", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "8.0.6", "versionStartIncluding": "8.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.5", "versionStartIncluding": "7.3.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-9251" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "156315" }, { "db": "PACKETSTORM", "id": "159353" }, { "db": "PACKETSTORM", "id": "170819" }, { "db": "PACKETSTORM", "id": "170823" } ], "trust": 0.5 }, "cve": "CVE-2015-9251", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-87212", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2015-9251", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-9251", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-87212", "trust": 0.1, "value": "MEDIUM" }, { "author": 
"VULMON", "id": "CVE-2015-9251", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-87212" }, { "db": "VULMON", "id": "CVE-2015-9251" }, { "db": "NVD", "id": "CVE-2015-9251" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions prior to 3.0.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. 
Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ipa security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3936-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3936\nIssue date: 2020-09-29\nCVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040\n CVE-2018-14042 CVE-2018-20676 CVE-2018-20677\n CVE-2019-8331 CVE-2019-11358 CVE-2020-1722\n CVE-2020-11022\n====================================================================\n1. Summary:\n\nAn update for ipa is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. 
\n\nThe following packages have been upgraded to a later upstream version: ipa\n(4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property\n(CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service\n(CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1404770 - ID Views: do not allow custom Views for the masters\n1545755 - ipa-replica-prepare should not update pki admin password. 
\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. \n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701972 - CVE-2019-11358 js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection\n1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6\n1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client\n1756568 - ipa-server-certinstall man page does not match built-in help. \n1758406 - KRA authentication fails when IPA CA has custom Subject DN\n1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements\n1771356 - Default client configuration breaks ssh in FIPS mode. 
\n1780548 - Man page ipa-cacert-manage does not display correctly on RHEL\n1782587 - add \"systemctl restart sssd\" to warning message when adding trust agents to replicas\n1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd\n1788907 - Renewed certs are not picked up by IPA CAs\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1795890 - ipa-pkinit-manage enable fails on replica if it doesn\u0027t host the CA\n1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -\u003e 7.6 upgrade path as opposed to new RHEL 7.6 systems\n1817886 - ipa group-add-member: prevent adding IPA objects as external members\n1817918 - Secure tomcat AJP connector\n1817919 - Enable compat tree to provide information about AD users and groups on trust agents\n1817922 - covscan memory leaks report\n1817923 - IPA upgrade is failing with error \"Failed to get request: bus, object_path and dbus_interface must not be None.\"\n1817927 - host-add --password logs cleartext userpassword to Apache error log\n1819725 - Rebase IPA to latest 4.6.x version\n1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1829787 - ipa service-del deletes the required principal when specified in lower/upper case\n1834385 - Man page syntax issue detected by rpminspect\n1842950 - ipa-adtrust-install fails when replica is offline\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 
7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nppc64:\nipa-client-4.6.8-5.el7.ppc64.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64.rpm\n\nppc64le:\nipa-client-4.6.8-5.el7.ppc64le.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64le.rpm\n\ns390x:\nipa-client-4.6.8-5.el7.s390x.rpm\nipa-debuginfo-4.6.8-5.el7.s390x.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-9251\nhttps://access.redhat.com/security/cve/CVE-2016-10735\nhttps://access.redhat.com/security/cve/CVE-2018-14040\nhttps://access.redhat.com/security/cve/CVE-2018-14042\nhttps://access.redhat.com/security/cve/CVE-2018-20676\nhttps://access.redhat.com/security/cve/CVE-2018-20677\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-11358\nhttps://access.redhat.com/security/cve/CVE-2020-1722\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3Of/9zjgjWX9erEAQjmHBAAi+u4CgMbaduuYvMAMbNKqT/0X8Y02udQ\nmaW4rfZ6udfHWJ21h1VlD/INXHB3sBFC2vpXsgJD7dTkUsZYIx73LrQFkakTzIWc\nxSQalxNs+Fjh/ot/JMiKQzQUmZeu/vUYgVB81y+hczg5dys3q1mnu42GWe18sJIc\nFCY2R3mBTnFUZoc/3JDHeVRJU8eq51oqRgNaz+Fl+CoFkR81P6mD8wybIIAsBx14\nYkya/awQf+OuBCe5tqfTV1+KS2U4+tqiqapzALt7dhjfA9Jayc9/UvQjGCyrmGvP\n+BBBPSqGOS81jpPo0ouM3OtadWrGAWERMwtrR+POUp1rnMxy2kI0EpebnzSOtJy2\nxExPZtcTjjgWvIMDdrJJ5DXG6cP5j3GjyvFknmCtCqvXzo90gw73psi6roG+g/a8\nUyML+be8jnJK7571X3dz6OCYBExaHqM21ukUEfdvddszhw92J3fxmDm5+picETB9\ndZ++VtV1lCBOlKW1SDG/ggk7PeSRGTDL5IkekopO1w89r3QsfqyFudlsNT0dDgk7\n8Kzn8YpCWln1Kp0UbVushKRT+KllZRTKzXTBfiEWiYtQiwyL9zj/DrxagXXbiPe7\n5mZnk62sAdKya3On4ejgPQ8Nq8oKHzRfaig/CNaNiB00HgZcRdQokPQ9+DRnkdNS\nUR3S5ZAZvb8=SWQt\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Hello,\n\nI identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable\nopen source dependencies. 
\n\nFull security write up:\nhttp://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/\n\nThe details:\n\n----\n\n /ROOT/html/js/scriptaculous/prototype.js\n\n\u21b3 prototypejs 1.5.0\nprototypejs 1.5.0 has known vulnerabilities: severity: high; CVE:\nCVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/\nhttp://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/\n\nROOT/assets/3/6/36c22c5d-c813-4869-a4b7-fcc10a74e8b6/fileAsset/jquery.min.js\n\n\u21b3 jquery 1.9.1\njquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432,\nsummary: 3rd party CORS request may execute, CVE: CVE-2015-9251;\nhttps://github.com/jquery/jquery/issues/2432\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: medium; CVE:\nCVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in\nevent handlers; https://bugs.jquery.com/ticket/11974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: low; CVE:\nCVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,\nBackdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026)\nbecause of Object.prototype pollution;\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\nROOT/assets/5/1/515cba4e-ac64-4523-b683-8e38329e7f46/fileAsset/bootstrap.min.js\n\u21b3 bootstrap 3.2.0\nbootstrap 3.2.0 has known vulnerabilities: severity: high; issue: 28236,\nsummary: XSS in data-template, data-content and data-title properties of\ntooltip/popover, CVE: CVE-2019-8331;\nhttps://github.com/twbs/bootstrap/issues/28236 severity: medium; issue:\n20184, summary: XSS in data-target property of scrollspy, CVE:\nCVE-2018-14041; 
https://github.com/twbs/bootstrap/issues/20184 severity:\nmedium; issue: 20184, summary: XSS in collapse data-parent attribute,\nCVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184\nseverity: medium; issue: 20184, summary: XSS in data-container property\nof tooltip, CVE: CVE-2018-14042;\nhttps://github.com/twbs/bootstrap/issues/20184\n\nROOT/assets/9/9/99c7ffe7-e1c2-407f-85b7-ec483dbcf6f1/fileAsset/jquery.min.js\n\u21b3 jquery 3.3.1\njquery 3.3.1 has known vulnerabilities: severity: low; CVE:\nCVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,\nBackdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026)\nbecause of Object.prototype pollution;\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\nROOT/assets/f/6/f6fa6b13-3a96-4cbf-9a75-19a40137f05a/fileAsset/jquery.min.js\n\n\u21b3 jquery 1.9.1\njquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432,\nsummary: 3rd party CORS request may execute, CVE: CVE-2015-9251;\nhttps://github.com/jquery/jquery/issues/2432\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: medium; CVE:\nCVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in\nevent handlers; https://bugs.jquery.com/ticket/11974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: low; CVE:\nCVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,\nBackdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026)\nbecause of Object.prototype 
pollution;\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\nROOT/assets/4/a/4a5a727f-369b-49e0-bff5-42d9efb4ba90/fileAsset/jquery-2.1.1.min.js\n\n\u21b3 jquery 2.1.1.min\njquery 2.1.1.min has known vulnerabilities: severity: medium; issue:\n2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;\nhttps://github.com/jquery/jquery/issues/2432\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: medium; CVE:\nCVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in\nevent handlers; https://bugs.jquery.com/ticket/11974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: low; CVE:\nCVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,\nBackdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026)\nbecause of Object.prototype pollution;\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\nROOT/html/js/dojo/custom-build/dojo/dojo.js\n\n\u21b3 dojo 1.8.6\ndojo 1.8.6 has known vulnerabilities: severity: medium; PR: 307;\nhttps://github.com/dojo/dojo/pull/307\nhttps://dojotoolkit.org/blog/dojo-1-14-released\n\nROOT/html/js/tinymce/js/tinymce/tinymce.min.js\n\n\u21b3 tinyMCE 4.1.6\ntinyMCE 4.1.6 has known vulnerabilities: severity: medium; summary: xss\nissues with media plugin not properly filtering out some script\nattributes.; https://www.tinymce.com/docs/changelog/ severity: medium;\nsummary: FIXED so script elements gets removed by default to prevent\npossible XSS issues in default config implementations;\nhttps://www.tinymce.com/docs/changelog/ severity: medium; summary: 
FIXED\nso links with xlink:href attributes are filtered correctly to prevent\nXSS.; https://www.tinymce.com/docs/changelog/\n. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 
1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2015-9251" }, { "db": "VULHUB", "id": "VHN-87212" }, { "db": "VULMON", "id": "CVE-2015-9251" }, { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "156315" }, { "db": "PACKETSTORM", "id": "159353" }, { "db": "PACKETSTORM", "id": "152787" }, { "db": "PACKETSTORM", "id": "153237" }, { "db": "PACKETSTORM", "id": "170819" }, { "db": "PACKETSTORM", "id": "170823" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-9251", "trust": 1.9 }, { "db": "PACKETSTORM", "id": "153237", "trust": 1.2 }, { "db": "PACKETSTORM", "id": "152787", "trust": 1.2 }, { "db": "PACKETSTORM", "id": "156743", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2019-08", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-18-212-04", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA44601", "trust": 1.1 }, { "db": "BID", "id": "105658", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "156315", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159353", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "170819", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "170823", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159852", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "170817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159876", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170821", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156630", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156941", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201801-798", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-98926", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-87212", "trust": 0.1 }, { "db": "VULMON", "id": 
"CVE-2015-9251", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-87212" }, { "db": "VULMON", "id": "CVE-2015-9251" }, { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "156315" }, { "db": "PACKETSTORM", "id": "159353" }, { "db": "PACKETSTORM", "id": "152787" }, { "db": "PACKETSTORM", "id": "153237" }, { "db": "PACKETSTORM", "id": "170819" }, { "db": "PACKETSTORM", "id": "170823" }, { "db": "NVD", "id": "CVE-2015-9251" } ] }, "id": "VAR-201801-0036", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-87212" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:15:42.081000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200481 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.5 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200729 - security advisory" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2015-9251 log" }, { "title": "Arch Linux Advisories: [ASA-201910-4] ruby-rdoc: cross-site scripting", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201910-4" }, { "title": "Red Hat: CVE-2015-9251", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-9251" }, { "title": "Red Hat: Moderate: idm:DL1 and 
idm:client security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204670 - security advisory" }, { "title": "Red Hat: Moderate: ipa security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203936 - security advisory" }, { "title": "Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204847 - security advisory" }, { "title": "IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3101664cb57ad9d937108c187df59ecf" }, { "title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7dde8d528837d3c0eae28428fd6e703d" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20230556 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20230554 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory" }, { "title": "Amazon Linux 2: ALASRUBY2.6-2023-007", "trust": 
0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alasruby2.6-2023-007" }, { "title": "Amazon Linux AMI: ALAS-2020-1422", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1422" }, { "title": "Arch Linux Advisories: [ASA-201910-5] ruby2.5: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201910-5" }, { "title": "IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22fc4d0a2671b6a2b6b740928ccb3e85" }, { "title": "Amazon Linux 2: ALAS2-2020-1519", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1519" }, { "title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-08" }, { "title": "Fortinet Security Advisories: FortiSwitch multiple XSS vulnerabilities in the jQuery library", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-18-013" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3823f1edcf270e724f22c0ef0da4007f" }, { "title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0bf006d622ea4a9435b282864e760566" }, { "title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c47c09015d1429df4a71453000607351" }, { "title": 
"IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "", "trust": 0.1, "url": "https://github.com/astyn9/vulnerable-jquery-v1.12.2-library " }, { "title": "custom-okta-signin-widget", "trust": 0.1, "url": "https://github.com/cniesen/custom-okta-signin-widget " }, { "title": "", "trust": 0.1, "url": "https://github.com/andrew-healey/canvas-lms-vuln " }, { "title": "sheep", "trust": 0.1, "url": "https://github.com/flyher/sheep " }, { "title": "watchdog", "trust": 0.1, "url": "https://github.com/flipkart-incubator/watchdog " }, { "title": "watchdog", "trust": 0.1, "url": "https://github.com/rohankumardubey/watchdog " }, { "title": "oracle-vuln-crawler", "trust": 0.1, "url": "https://github.com/zema1/oracle-vuln-crawler " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-9251" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-87212" }, { "db": "NVD", "id": "CVE-2015-9251" } ] }, 
"references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.3, "url": "https://github.com/jquery/jquery/issues/2432" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2020:0481" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/105658" }, { "trust": 1.1, "url": "https://seclists.org/bugtraq/2019/may/18" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44601" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210108-0004/" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2019-08" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2019/may/13" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2019/may/11" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2019/may/10" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/152787/dotcms-5.1.1-vulnerable-dependencies.html" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/153237/retirejs-cors-issue-script-execution.html" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/156743/octobercms-insecure-dependencies.html" }, { "trust": 1.1, "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" }, { "trust": 1.1, "url": "https://github.com/jquery/jquery/pull/2588" }, { "trust": 1.1, "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-212-04" }, { "trust": 1.1, "url": "https://snyk.io/vuln/npm:jquery:20150627" 
}, { "trust": 1.1, "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec126.pdf" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2020:0729" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3cdev.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3cuser.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3cuser.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3cuser.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3ccommits.roller.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-9251" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2018-14042" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-8331" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2018-14040" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-11358" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-10735" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": 
"https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://github.com/dojo/dojo/pull/307" }, { "trust": 0.2, "url": "http://research.insecurelabs.org/jquery/test/" }, { "trust": 0.2, "url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/" }, { "trust": 0.2, "url": "https://bugs.jquery.com/ticket/11974" }, { "trust": 0.2, "url": "https://dojotoolkit.org/blog/dojo-1-14-released" }, { "trust": 0.2, "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "trust": 0.2, "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-40150" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-42003" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-42004" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-45047" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-40149" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-40152" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2018-14041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-18214" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-45693" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-46364" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-3143" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3cdev.flink.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3cuser.flink.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3cuser.flink.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3cuser.flink.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3ccommits.roller.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-10146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1721" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10221" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=securitypatches\u0026version=6.3" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1722" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20676" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20676" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20677" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3936" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2018-20677" }, { "trust": 0.1, "url": "https://github.com/twbs/bootstrap/issues/20184" }, { "trust": 0.1, "url": "http://www.cvedetails.com/cve/cve-2008-7220/" }, { "trust": 0.1, "url": "https://www.tinymce.com/docs/changelog/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-7220" }, { "trust": 0.1, "url": "http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/" }, { "trust": 0.1, "url": "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/" }, { "trust": 0.1, "url": "https://github.com/twbs/bootstrap/issues/28236" }, { "trust": 0.1, "url": "http://bugs.jquery.com/ticket/11290" }, { "trust": 0.1, "url": "http://secureli.com/retirejs-vulnerabilities-identified-with-retirejs/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6708" }, { "trust": 0.1, "url": "http://github.com/eoftedal/retire.js/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:0554" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:0553" } ], "sources": [ { "db": "VULHUB", "id": "VHN-87212" }, { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "156315" }, { "db": "PACKETSTORM", "id": "159353" }, { "db": "PACKETSTORM", "id": "152787" }, { "db": "PACKETSTORM", "id": "153237" }, { "db": "PACKETSTORM", "id": "170819" }, { "db": "PACKETSTORM", "id": "170823" }, { "db": "NVD", "id": "CVE-2015-9251" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-87212" }, { "db": "VULMON", "id": "CVE-2015-9251" }, { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "156315" }, { "db": "PACKETSTORM", "id": "159353" }, { "db": "PACKETSTORM", "id": "152787" }, { "db": "PACKETSTORM", "id": "153237" }, { "db": "PACKETSTORM", "id": "170819" }, { "db": "PACKETSTORM", "id": "170823" }, { 
"db": "NVD", "id": "CVE-2015-9251" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-18T00:00:00", "db": "VULHUB", "id": "VHN-87212" }, { "date": "2018-01-18T00:00:00", "db": "VULMON", "id": "CVE-2015-9251" }, { "date": "2020-11-04T15:29:15", "db": "PACKETSTORM", "id": "159852" }, { "date": "2020-02-12T18:53:35", "db": "PACKETSTORM", "id": "156315" }, { "date": "2020-09-30T15:44:20", "db": "PACKETSTORM", "id": "159353" }, { "date": "2019-05-09T13:33:33", "db": "PACKETSTORM", "id": "152787" }, { "date": "2019-06-07T16:22:22", "db": "PACKETSTORM", "id": "153237" }, { "date": "2023-01-31T17:19:24", "db": "PACKETSTORM", "id": "170819" }, { "date": "2023-01-31T17:26:38", "db": "PACKETSTORM", "id": "170823" }, { "date": "2018-01-18T23:29:00.307000", "db": "NVD", "id": "CVE-2015-9251" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-08T00:00:00", "db": "VULHUB", "id": "VHN-87212" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-9251" }, { "date": "2023-11-07T02:28:57.737000", "db": "NVD", "id": "CVE-2015-9251" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2020-4847-01", "sources": [ { "db": "PACKETSTORM", "id": "159852" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution, xss, memory leak", "sources": [ { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "159353" } ], "trust": 0.2 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> 
<div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1778">var-202003-1778</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML Jackson is a data-processing library for Java developed by the American company FasterXML; jackson-databind is its data-binding component. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. As with other jackson-databind gadget issues, the flaw is reachable only where an application deserializes untrusted JSON with polymorphic type handling enabled and the named class is on the classpath; upgrading to 2.9.10.4 or later addresses it. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model &amp; Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)</p> </li> <li> <p>jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)</p> </li> <li> <p>keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)</p> </li> <li> <p>keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)</p> </li> <li> <p>keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)</p> </li> <li> <p>keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)</p> </li> <li> <p>keycloak: cross-realm user access auth bypass (CVE-2019-14832)</p> </li> <li> <p>netty: HTTP 
Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</p> </li> <li> <p>SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)</p> </li> <li> <p>xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)</p> </li> </ul> <p>For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>The References section of this erratum contains a download link for the update. You must be logged in to download the update. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3462-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3462 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)</p> </li> <li> <p>dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)</p> </li> <li> <p>wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)</p> </li> <li> <p>wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)</p> </li> <li> <p>hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)</p> </li> <li> <p>wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)</p> </li> <li> <p>undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)</p> </li> <li> <p>hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)</p> </li> <li> <p>wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)</p> </li> <li> <p>wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, ensure all previously released errata relevant to your system have been applied. 
</p> <p>For details about how to apply this update, see:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-18793 - <a href="7.3.z">GSS</a> Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - <a href="7.3.z">GSS</a> Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. 
Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - <a href="7.3.z">GSS</a> Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19410 - Tracker bug for the EAP 7.3.2 release for RHEL-7 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - <a href="7.3.z">GSS</a> Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - <a href="7.3.z">GSS</a> Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - <a href="7.3.z">GSS</a> Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss EAP 7.3 for RHEL 7 Server:</p> <p>Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.src.rpm 
eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el7eap.src.rpm</p> <p>noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm 
eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.noarch.rpm 
eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm 
eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXzqIZtzjgjWX9erEAQgbmw/9EMmKKCCwal4bB6c8JuVi9V1qwN8+GJA4 BT8rEG7nDCffXvCdGzhPj1JofUlvVLcMX6T7DhC7DJ3acsCFoMvpVvranRkhnXkj 9sIZxPYy2ZFRIXWt8tUvVYeYZdKJ+dKsHRzzCetQr0vd9L9gWuGUZcroS+PTdkCn 2Us87nq0bPNqMAX4q5iqs/+yM7WrcmL8bJELEFU+QwZQOtqKpnOiCUVwUnPxHuAB gTk5DLAdJaj/FFmQH0l2Qc0brTXRvcjFLhme3ygQcfiOB0bh4KO+ykhOS+lznCIB a33P5m0/eXkdjMuT9PxxllMpE3cygCrN0caFwm5F/rJVUczc6MNBCWQ2605xiiNt xQOh429J3J9S+Ew+hwBsaWRwKgibItBI3aa/AiUHHPnwj5Q33hj3+2/53k7QuN/0 59JqQ1hOz7x857G2HaAPiCWu3QDhHqfdhewrLpCEnrO0HhLiPoHou8tuD8UnITws OfWtjSw0bwBnhb3OsmGlQxHtIDfY+TpJKQ6YPukUmc0KiRfC695HNgk91b4u5M5O 42Oo9g4g4rxVezCI1+WaN1KRA1J7yUTmvAFuz/1QervXpvw1xGbILLqlJI7maNnX bN4s3UgKVYLg/hlGiOMvLVTAuHY8OIyiijNoAcHXZv63+AGWQTRUihyIpl8KcFIr V2uaf/+66c0=doZv -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Note: the signed advisory above is reproduced with its line breaks and markup altered, so the PGP signature cannot be verified against this copy; verify the original announcement from Red Hat instead. The purpose of this text-only errata is to inform you about the security issues fixed in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)</p> </li> <li> <p>dom4j (CVE-2018-1000632)</p> </li> <li> <p>elasticsearch (CVE-2018-3831)</p> </li> <li> <p>pdfbox (CVE-2018-11797)</p> </li> <li> <p>vertx (CVE-2018-12541)</p> </li> <li> <p>spring-data-jpa (CVE-2019-3797)</p> </li> <li> <p>mina-core (CVE-2019-0231)</p> </li> <li> <p>jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)</p> </li> <li> <p>jackson-mapper-asl (CVE-2019-10172)</p> </li> <li> <p>hawtio (CVE-2019-9827)</p> </li> <li> <p>undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)</p> </li> <li> <p>santuario (CVE-2019-12400)</p> </li> <li> <p>apache-commons-beanutils (CVE-2019-10086)</p> </li> <li> <p>cxf (CVE-2019-17573)</p> </li> <li> <p>apache-commons-configuration (CVE-2020-1953)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 20. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1778" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> 
<div class="collapse" id="collapseJsonvar-202003-1778"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1778">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": 
"https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1778", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 
1.0, "vendor": "debian", "version": "8.0" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications 
diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { 
"model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { 
"model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10673" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.4", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], 
"cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10673" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" } ], "trust": 1.5 }, "cve": "CVE-2020-10673", 
"cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163175", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10673", "trust": 1.0, "value": "HIGH" }, { "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-10673", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202003-1151", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163175", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163175" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "db": "NVD", "id": "CVE-2020-10673" }, { "db": "NVD", "id": "CVE-2020-10673" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML Jackson is a data-processing library for Java developed by FasterXML, an American company. jackson-databind is the Jackson component that provides data binding. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. 
\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass 
(CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update\nAdvisory ID: RHSA-2020:3462-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3462\nIssue date: 2020-08-17\nCVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748\n CVE-2020-10672 CVE-2020-10673 CVE-2020-10683\n CVE-2020-10687 CVE-2020-10693 CVE-2020-10714\n CVE-2020-10718 CVE-2020-10740 CVE-2020-14297\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 7 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.2 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. 
\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n(CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to\npermitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM\n(CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230\n(CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial\nof Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. 
Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19410 - Tracker bug for the EAP 7.3.2 release for RHEL-7\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. 
Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 7 Server:\n\nSource:\neap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.src.rpm\neap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.src.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.src.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.src.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.src.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.src.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.src.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el7eap.src.rpm\n\nnoarch:\neap7-dom4j-2.1.3-1.redhat_00001.1.el7eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el7eap.noarch.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\nea
p7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001
.1.el7eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly1
4.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el7eap.noarch.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-all-4.1.48-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el7eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10687\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10718\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-14297\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzqIZtzjgjWX9erEAQgbmw/9EMmKKCCwal4bB6c8JuVi9V1qwN8+GJA4\nBT8rEG7nDCffXvCdGzhPj1JofUlvVLcMX6T7DhC7DJ3acsCFoMvpVvranRkhnXkj\n9sIZxPYy2ZFRIXWt8tUvVYeYZdKJ+dKsHRzzCetQr0vd9L9gWuGUZcroS+PTdkCn\n2Us87nq0bPNqMAX4q5iqs/+yM7WrcmL8bJELEFU+QwZQOtqKpnOiCUVwUnPxHuAB\ngTk5DLAdJaj/FFmQH0l2Qc0brTXRvcjFLhme3ygQcfiOB0bh4KO+ykhOS+lznCIB\na33P5m0/eXkdjMuT9PxxllMpE3cygCrN0caFwm5F/rJVUczc6MNBCWQ2605xiiNt\nxQOh429J3J9S+Ew+hwBsaWRwKgibItBI3aa/AiUHHPnwj5Q33hj3+2/53k7QuN/0\n59JqQ1hOz7x857G2HaAPiCWu3QDhHqfdhewrLpCEnrO0HhLiPoHou8tuD8UnITws\nOfWtjSw0bwBnhb3OsmGlQxHtIDfY+TpJKQ6YPukUmc0KiRfC695HNgk91b4u5M5O\n42Oo9g4g4rxVezCI1+WaN1KRA1J7yUTmvAFuz/1QervXpvw1xGbILLqlJI7maNnX\nbN4s3UgKVYLg/hlGiOMvLVTAuHY8OIyiijNoAcHXZv63+AGWQTRUihyIpl8KcFIr\nV2uaf/+66c0=doZv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 20. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications", "sources": [ { "db": "NVD", "id": "CVE-2020-10673" }, { "db": "VULHUB", "id": "VHN-163175" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10673", "trust": 2.6 }, { "db": "PACKETSTORM", "id": "159083", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159015", "trust": 0.8 }, { "db": 
"PACKETSTORM", "id": "158916", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1151", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158891", "trust": 0.7 }, { "db": "NSFOCUS", "id": "48050", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2837", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1040", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3065", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2992", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158889", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "159080", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "158884", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159082", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158881", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163175", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163175" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "db": "NVD", "id": "CVE-2020-10673" } ] }, "id": "VAR-202003-1778", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163175" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:18:35.433000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FasterXML jackson-databind Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112629" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1151" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10673" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.7, "url": "https://github.com/fasterxml/jackson-databind/issues/2660" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 1.0, "url": 
"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.9, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.7, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2992/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-resourceref-31850" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.2837/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48050" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2826/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1040/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3065/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740" }, { 
"trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10683" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10740" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10687" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-14900" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { 
"trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10718" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.3, "url": 
"https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14307" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { 
"trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.2, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3642" }, { 
"trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3462" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3585" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xeap-cd\u0026version" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1954" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10719" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14371" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1954" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3639" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10758" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10758" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2020:3501" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1728" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163175" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "db": "NVD", "id": "CVE-2020-10673" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163175" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "PACKETSTORM", "id": "158916" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "db": "NVD", "id": "CVE-2020-10673" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-18T00:00:00", "db": "VULHUB", "id": "VHN-163175" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-07T16:39:48", "db": 
"PACKETSTORM", "id": "159083" }, { "date": "2020-08-17T17:43:07", "db": "PACKETSTORM", "id": "158889" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-08-31T16:22:15", "db": "PACKETSTORM", "id": "159015" }, { "date": "2020-09-07T16:37:51", "db": "PACKETSTORM", "id": "159080" }, { "date": "2020-08-19T16:44:13", "db": "PACKETSTORM", "id": "158916" }, { "date": "2020-03-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "date": "2020-03-18T22:15:12.407000", "db": "NVD", "id": "CVE-2020-10673" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-07T00:00:00", "db": "VULHUB", "id": "VHN-163175" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1151" }, { "date": "2024-07-03T01:36:08.040000", "db": "NVD", "id": "CVE-2020-10673" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159083" }, { "db": "PACKETSTORM", "id": "158889" }, { "db": "PACKETSTORM", "id": "159015" }, { "db": "PACKETSTORM", "id": "159080" }, { "db": "CNNVD", "id": "CNNVD-202003-1151" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1151" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1151" } ], "trust": 0.6 } }</pre> </div> </div> </div> 
</div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201607-0656">var-201607-0656</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform 
Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server. Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Console Redirection' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. 
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201607-0656" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-201607-0656"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201607-0656">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, 
"threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0656", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.1" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.0" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "webcenter 
sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.8" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3.5" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.2.12" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.1.16" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.5.4" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.4.41" }, { "model": "utilities network management system", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "1.10.0.6.27" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.5" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.7" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.6" }, { "model": "transportation management", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "sun network qdr infiniband gateway switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2" }, { "model": "sun data center infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "362.2.2" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "11.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "siebel applications ip2016", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2015", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2014", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "14.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "primavera contract management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.16.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation connector 
for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.2" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"8.5.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.48" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.47" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.46" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.45" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.42" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.41" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.40" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { 
"model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.44" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.43" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.49" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8.1" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.7" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.6" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.5" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "jrockit r28.3.10", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.30" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.24.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": 
"jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "in-memory policy analytics", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "http server 11g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "healthcare analytics data integration", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0.0.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2.8.3" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.1.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"11.1.23.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.22.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.10" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.8" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.6" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.5" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.4" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.3" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { 
"model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.3" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "documaker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "database 11g release", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "211.2.0.4" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.0" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9" }, { "model": "communications operations monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.530.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.529.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5.33.0" }, { "model": "communications messaging server", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "7.0.5" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "communications eagle application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.1.0.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.5.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.1" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.0" }, { "model": "banking 
platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.3.00.08" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": 
"application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.43" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.0.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.8" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", 
"version": "9.7" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" } ], "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91986" }, { "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "db": "NVD", "id": "CVE-2016-5449" }, { "db": "CNNVD", "id": "CNNVD-201607-813" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5449" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91986" } ], "trust": 0.6 }, "cve": "CVE-2016-5449", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-5449", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-94268", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-5449", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-5449", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201607-813", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-94268", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-5449", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-94268" }, { "db": "VULMON", "id": "CVE-2016-5449" }, { "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "db": "NVD", "id": "CVE-2016-5449" }, { "db": "CNNVD", "id": "CNNVD-201607-813" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle 
Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027HTTP\u0027 protocol. The \u0027Console Redirection\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. 
A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability", "sources": [ { "db": "NVD", "id": "CVE-2016-5449" }, { "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91986" }, { "db": "VULHUB", "id": "VHN-94268" }, { "db": "VULMON", "id": "CVE-2016-5449" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-5449", "trust": 2.9 }, { "db": "BID", "id": "91787", "trust": 1.5 }, { "db": "BID", "id": "91986", "trust": 1.5 }, { "db": "SECTRACK", "id": "1036408", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-003877", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201607-813", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-94268", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-5449", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-94268" }, { "db": "VULMON", "id": "CVE-2016-5449" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91986" }, { "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "db": "NVD", "id": "CVE-2016-5449" }, { "db": "CNNVD", "id": "CNNVD-201607-813" } ] }, "id": "VAR-201607-0656", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-94268" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:52:29.425000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63173" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-5449" }, { "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "db": "CNNVD", "id": "CNNVD-201607-813" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5449" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/91986" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1036408" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5449" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5449" }, { 
"trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx216642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152" } ], "sources": [ { "db": "VULHUB", "id": "VHN-94268" }, { "db": "VULMON", "id": "CVE-2016-5449" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91986" }, { "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "db": "NVD", "id": "CVE-2016-5449" }, { "db": "CNNVD", "id": "CNNVD-201607-813" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-94268" }, { "db": "VULMON", "id": "CVE-2016-5449" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91986" }, { "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "db": "NVD", "id": "CVE-2016-5449" }, { "db": "CNNVD", "id": "CNNVD-201607-813" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-21T00:00:00", "db": "VULHUB", "id": "VHN-94268" }, { "date": "2016-07-21T00:00:00", "db": "VULMON", "id": "CVE-2016-5449" }, { "date": "2016-07-15T00:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91986" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "date": "2016-07-21T10:15:04.880000", "db": "NVD", "id": "CVE-2016-5449" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-813" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-01T00:00:00", "db": "VULHUB", "id": "VHN-94268" }, { "date": "2017-09-01T00:00:00", "db": "VULMON", "id": "CVE-2016-5449" }, { "date": "2018-10-15T09:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91986" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003877" }, { "date": "2017-09-01T01:29:29.570000", "db": "NVD", "id": "CVE-2016-5449" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-813" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91986" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Sun Systems Products Suite of ILOM In Console Redirection Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003877" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91986" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0426">var-200904-0426</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Oracle Data Service Integrator (AquaLogic Data Services 
Platform) component in BEA Product Suite 10.3.0, 3.2, 3.0.1, and 3.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0426" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-200904-0426"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0426">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, 
"patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0426", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "10.3.0" }, { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "3.2" }, { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "3.0.1" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "3.0" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "and 3.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit 
r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004534" }, { "db": "NVD", "id": "CVE-2009-1005" }, { "db": "CNNVD", "id": "CNNVD-200904-323" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1005" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-323" } ], "trust": 0.6 }, "cve": "CVE-2009-1005", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 2.7, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-1005", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1005", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-323", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004534" }, { "db": "NVD", "id": "CVE-2009-1005" }, { "db": "CNNVD", "id": "CNNVD-200904-323" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Oracle Data Service Integrator (AquaLogic Data Services 
Platform) component in BEA Product Suite 10.3.0, 3.2, 3.0.1, and 3.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1005" }, { "db": "JVNDB", "id": "JVNDB-2009-004534" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76710" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1005", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022059", "trust": 1.6 }, { "db": "OSVDB", "id": "53760", "trust": 1.6 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2009-004534", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-323", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004534" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1005" }, { "db": "CNNVD", "id": "CNNVD-200904-323" } ] }, "id": "VAR-200904-0426", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:16:18.628000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - April 2009", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004534" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1005" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.9, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 1.6, "url": "http://osvdb.org/53760" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1022059" }, { "trust": 1.2, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1005" }, { "trust": 0.8, "url": 
"http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1005" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": 
"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004534" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1005" }, { "db": "CNNVD", "id": "CNNVD-200904-323" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004534" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1005" }, { "db": "CNNVD", "id": "CNNVD-200904-323" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004534" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T10:30:00.907000", "db": "NVD", "id": "CVE-2009-1005" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-323" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004534" }, { "date": "2012-10-23T03:04:30.803000", "db": "NVD", "id": "CVE-2009-1005" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-323" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-323" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BEA Product Suite of AquaLogic Data Services Platform Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004534" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-323" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0275">var-200904-0275</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0989. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. 
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> &lt;http://www.us-cert.gov/cas/techalerts/TA09-105A.html&gt; </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> &lt;http://www.us-cert.gov/legal.html&gt; </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0275" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> 
<div class="collapse" id="collapseJsonvar-200904-0275"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0275">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0275", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "5.6.2" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": 
"bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "db": "NVD", "id": "CVE-2009-0990" }, { "db": "CNNVD", "id": "CNNVD-200904-308" } ] }, 
"configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:5.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0990" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-308" } ], "trust": 0.6 }, "cve": "CVE-2009-0990", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0990", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0990", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-308", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "db": "NVD", "id": "CVE-2009-0990" }, { "db": "CNNVD", "id": "CNNVD-200904-308" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0989. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0990" }, { "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0990", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "OSVDB", "id": "53743", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001237", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200904-308", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0990" }, { "db": "CNNVD", "id": "CNNVD-200904-308" } ] }, "id": "VAR-200904-0275", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:41:45.750000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" }, { "title": "Oracle Application Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158170" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "db": "CNNVD", "id": "CNNVD-200904-308" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0990" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53743" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 
1.6, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0990" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0990" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.7, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": 
"http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0990" }, { "db": "CNNVD", "id": "CNNVD-200904-308" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0990" }, { "db": "CNNVD", "id": "CNNVD-200904-308" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.627000", "db": "NVD", "id": "CVE-2009-0990" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-308" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001237" }, { "date": "2021-07-28T18:41:36.667000", "db": "NVD", "id": "CVE-2009-0990" }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", 
"id": "CNNVD-200904-308" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-308" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of BI Publisher Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001237" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-308" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0432">var-200904-0432</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0432" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0432"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0432">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, 
"patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0432", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "10.3" }, { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "9.0" }, { "model": "bea product suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "9.1" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "8.1" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.0" }, { "model": "bea product suite", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "7.0" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.0 mp1" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7.0 sp7" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", 
"version": "8.1 sp6" }, { "model": "bea product suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2 mp3" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { 
"model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems 
weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", 
"scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": 
"oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001247" }, { "db": "NVD", "id": "CVE-2009-1012" }, { "db": "CNNVD", "id": "CNNVD-200904-329" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1012" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-329" } ], "trust": 0.6 }, "cve": "CVE-2009-1012", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", 
"exploitabilityScore": null, "id": "CVE-2009-1012", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1012", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-329", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001247" }, { "db": "NVD", "id": "CVE-2009-1012" }, { "db": "CNNVD", "id": "CNNVD-200904-329" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1012" }, { "db": "JVNDB", "id": "JVNDB-2009-001247" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "76710" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1012", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "OSVDB", "id": "53765", "trust": 2.4 }, { "db": "SECTRACK", "id": "1022059", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001247", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-329", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001247" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1012" }, { "db": "CNNVD", "id": "CNNVD-200904-329" } ] }, "id": "VAR-200904-0432", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:36:27.160000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "1012", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001247" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1012" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53765" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022059" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.9, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 1.3, "url": 
"http://secunia.com/secunia_research/2009-22/" }, { "trust": 1.2, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1012" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1012" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, 
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001247" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1012" }, { "db": "CNNVD", "id": "CNNVD-200904-329" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001247" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "NVD", "id": "CVE-2009-1012" }, { "db": "CNNVD", "id": "CNNVD-200904-329" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001247" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T10:30:01.017000", "db": "NVD", "id": "CVE-2009-1012" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-329" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001247" }, { "date": "2017-08-17T01:30:08.973000", "db": "NVD", "id": "CVE-2009-1012" }, { "date": "2011-07-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-329" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-329" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BEA Product Suite of Apache Plug-ins and IIS Web server vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001247" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-329" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201910-1730">var-201910-1730</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. Connect2id Nimbus JOSE+JWT contains an exceptional condition check vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Description:</p> <p>The org.ovirt.engine-root is a core component of oVirt. </p> <p>The following packages have been upgraded to a later upstream version: org.ovirt.engine-root (4.3.8.2), ovirt-engine-dwh (4.3.8), ovirt-engine-metrics (1.3.6.1), ovirt-fast-forward-upgrade (1.0.0), ovirt-imageio-common (1.5.3), ovirt-imageio-proxy (1.5.3), ovirt-web-ui (1.6.0), rhv-log-collector-analyzer (0.2.15), v2v-conversion-host (1.16.0). 
</p> <p>Bug Fix(es):</p> <ul> <li> <p>[downstream clone - 4.4.0] Upgrade from 4.3 to 4.4 will fail if there are versioned templates in database (BZ#1688781)</p> </li> <li> <p>[ovirt-fast-forward-upgrade] Error: ovirt-engine-setup-plugin-ovirt-engine conflicts with ovirt-engine-4.2.5.2-0.1.el7ev.noarch (BZ#1754979)</p> </li> <li> <p>Users immediately logged out from User portal due to negative UserSessionTimeOutInterval (BZ#1757423)</p> </li> <li> <p>Fluentd error when stopping metrics services through playbook on 4.3 (BZ#1772506)</p> </li> <li> <p>[downstream clone - 4.3.8] From VM Portal, users cannot create Operating System Windows VM. (BZ#1780234)</p> </li> </ul> <p>Enhancement(s):</p> <ul> <li> <p>RFE for offline installation of RHV Metrics Store (BZ#1711873)</p> </li> <li> <p>[RFE] Compare storage with database for discrepancies (BZ#1739106)</p> </li> <li> <p>[RFE] RHV+Metrics Store - Support a Flat DNS environment without subdomains (BZ#1782412)</p> </li> <li> <p>Bugs fixed (https://bugzilla.redhat.com/):</p> </li> </ul> <p>1752522 - ovirt-fast-forward-upgrade: Upgrade from 4.2 to 4.3 fails with UnicodeEncodeError 1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1789737 - Import of OVA created from template fails with java.lang.NullPointerException [RHV clone - 4.3.9] 1792874 - Hide partial engine-cleanup option [RHV clone - 4.3.9] 1797496 - Add RHCOS os to osinfo - for compatability API between 4.3 to 4.4 1801310 - Module ovirt disk parameter storage domain has default option in documentation 1808038 - Unable to change Graphical Console of HE VM. 
[RHV clone - 4.3.9] 1808607 - RHVM 4.3.8.2 has Security Vulnerability Tenable Plugin ID 133165 in apache-commons-beanutils-1.8.3-14.el7 1809470 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine [RHV clone - 4.3.9] 1810527 - Upgrade rhvm-dependencies to 4.3.2</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:3247-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3247 Issue date: 2020-08-04 CVE Names: CVE-2017-18635 CVE-2019-8331 CVE-2019-10086 CVE-2019-13990 CVE-2019-17195 CVE-2019-19336 CVE-2020-7598 CVE-2020-10775 CVE-2020-11022 CVE-2020-11023 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. 
</p> <p>The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API). </p> <p>A list of bugs fixed in this update is available in the Technical Notes book:</p> <p>https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes</p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>libquartz: XXE attacks via job description (CVE-2019-13990)</p> </li> <li> <p>novnc: XSS vulnerability via the messages propagated to the status field (CVE-2017-18635)</p> </li> <li> <p>bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)</p> </li> <li> <p>nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)</p> </li> <li> <p>ovirt-engine: response_type parameter allows reflected XSS (CVE-2019-19336)</p> </li> <li> <p>nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or <code>__proto__</code> payload (CVE-2020-7598)</p> </li> <li> <p>ovirt-engine: Redirect to arbitrary URL allows for phishing (CVE-2020-10775)</p> </li> <li> <p>Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)</p> </li> <li> <p>jQuery: passing HTML containing &lt;option&gt; elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
</p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. </p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/2974891</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1080097 - [RFE] Allow editing disks details in the Disks tab 1325468 - [RFE] Autostart of VMs that are down (with Engine assistance - Engine has to be up) 1358501 - [RFE] multihost network change - notify when done 1427717 - [RFE] Create and/or select affinity group upon VM creation. 1475774 - RHV-M requesting four GetDeviceListVDSCommand when editing storage domain 1507438 - not able to deploy new rhvh host when "/tmp" is mounted with "noexec" option 1523835 - Hosted-Engine: memory hotplug does not work for engine vm 1527843 - [Tracker] Q35 chipset support (with seabios) 1529042 - [RFE] Changing of Cluster CPU Type does not trigger config update notification 1535796 - Undeployment of HE is not graceful 1546838 - [RFE] Refuse to deploy on localhost.localdomain 1547937 - [RFE] Live Storage Migration progress bar. 1585986 - [HE] When lowering the cluster compatibility, we need to force update the HE storage OVF store to ensure it can start up (migration will not work). 1593800 - [RFE] forbid new mac pools with overlapping ranges 1596178 - inconsistent display between automatic and manual Pool Type 1600059 - [RFE] Add by default a storage lease to HA VMs 1610212 - After updating to RHV 4.1 while trying to edit the disk, getting error "Cannot edit Virtual Disk. Cannot edit Virtual Disk. Disk extension combined with disk compat version update isn't supported. Please perform the updates separately." 
1611395 - Unable to list Compute Templates in RHV 4.2 from Satellite 6.3.2 1616451 - [UI] add a tooltip to explain the supported matrix for the combination of disk allocation policies, formats and the combination result 1637172 - Live Merge hung in the volume deletion phase, leaving snapshot in a LOCKED state 1640908 - Javascript Error popup when Managing StorageDomain with LUNs and 400+ paths 1642273 - [UI] - left nav border highlight missing in RHV 1647440 - [RFE][UI] Provide information about the VM next run 1648345 - Jobs are not properly cleaned after a failed task. 1650417 - HA is broken for VMs having disks in NFS storage domain because of Qemu OFD locking 1650505 - Increase of ClusterCompatibilityVersion to Cluster with virtual machines with outstanding configuration changes, those changes will be reverted 1651406 - [RFE] Allow Maintenance of Host with Enforcing VM Affinity Rules (hard affinity) 1651939 - a new size of the direct LUN not updated in Admin Portal 1654069 - [Downstream Clone] [UI] - grids bottom scrollbar hides bottom row 1654889 - [RFE] Support console VNC for mediated devices 1656621 - Importing VM OVA always enables 'Cloud-Init/Sysprep' 1658101 - [RESTAPI] Adding ISO disables serial console 1659161 - Unable to edit pool that is delete protected 1660071 - Regression in Migration of VM that starts in pause mode: took 11 hours 1660644 - Concurrent LSMs of the same disk can be issued via the REST-API 1663366 - USB selection option disabled even though USB support is enabled in RHV-4.2 1664479 - Third VM fails to get migrated when host is placed into maintenance mode 1666913 - [UI] warn users about different "Vdsm Name" when creating network with a fancy char or long name 1670102 - [CinderLib] - openstack-cinder and cinderlib packages are not installed on ovirt-engine machine 1671876 - "Bond Active Slave" parameter on RHV-M GUI shows an incorrect until Refresh Caps 1679039 - Unable to upload image through Storage->Domain->Disk because of wrong 
DC 1679110 - [RFE] change Admin Portal toast notifications location 1679471 - [ja, de, es, fr, pt_BR] The console client resources page shows truncated title for some locales 1679730 - Warn about host IP addresses outside range 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1686650 - Memory snapshots' deletion logging unnecessary WARNINGS in engine.log 1687345 - Snapshot with memory volumes can fail if the memory dump takes more than 180 seconds 1690026 - [RFE] - Creating an NFS storage domain the engine should let the user specify exact NFS version v4.0 and not just v4 1690155 - Disk migration progress bar not clearly visible and unusable. 1690475 - When a live storage migration fails, the auto generated snapshot does not get removed 1691562 - Cluster level changes are not increasing VMs generation numbers and so a new OVF_STORE content is not copied to the shared storage 1692592 - "Enable menu to select boot device shows 10 device listed with cdrom at 10th slot but when selecting 10 option the VM took 1 as option and boot with disk 1693628 - Engine generates too many updates to vm_dynamic table due to the session change 1693813 - Do not change DC level if there are VMs running/paused with older CL. 1695026 - Failure in creating snapshots during "Live Storage Migration" can result in a nonexistent snapshot 1695635 - [RFE] Improve Host Drop-down menu in different Dialogs (i.e. 
Alphabetical sort of Hosts in Remove|New StorageDomains) 1696245 - [RFE] Allow full customization while cloning a VM 1696669 - Build bouncycastle for RHV 4.4 RHEL 8 1696676 - Build ebay-cors-filter for RHV 4.4 RHEL 8 1698009 - Build openstack-java-sdk for RHV 4.4 RHEL 8 1698102 - Print a warning message to engine-setup, which highlights that other clusters than the Default one are not modified to use ovirt-provider-ovn as the default network provider 1700021 - [RFE] engine-setup should warn and prompt if ca.pem is missing but other generated pki files exist 1700036 - [RFE] Add RedFish API for host power management for RHEV 1700319 - VM is going to pause state with "storage I/O error". 1700338 - [RFE] Alternate method to configure the email Event Notifier for a user in RHV through API (instead of RHV GUI) 1700725 - [scale] RHV-M runs out of memory due to to much data reported by the guest agent 1700867 - Build makeself for RHV 4.4 RHEL 8 1701476 - Build unboundid-ldapsdk for RHV 4.4 RHEL 8 1701491 - Build RHV-M 4.4 - RHEL 8 1701522 - Build ovirt-imageio-proxy for RHV 4.4 / RHEL 8 1701528 - Build / Tag python-ovsdbapp for RHV 4.4 RHEL 8 1701530 - Build / Tag ovirt-cockpit-sso for RHV 4.4 RHEL 8 1701531 - Build / Tag ovirt-engine-api-explorer for RHV 4.4 RHEL 8 1701533 - Build / Tag ovirt-engine-dwh for RHV 4.4 / RHEL 8 1701538 - Build / Tag vdsm-jsonrpc-java for RHV 4.4 RHEL 8 1701544 - Build rhvm-dependencies for RHV 4.4 RHEL 8 1702310 - Build / Tag ovirt-engine-ui-extensions for RHV 4.4 RHEL 8 1702312 - Build ovirt-log-collector for RHV 4.4 RHEL 8 1703112 - PCI address of NICs are not stored in the database after a hotplug of passthrough NIC resulting in change of network device name in VM after a reboot 1703428 - VMs migrated from KVM to RHV show warning 'The latest guest agent needs to be installed and running on the guest' 1707225 - [cinderlib] Cinderlib DB is missing a backup and restore option 1708624 - Build rhvm-setup-plugins for RHV 4.4 - RHEL 8 1710491 - 
No EVENT_ID is generated in /var/log/ovirt-engine/engine.log when VM is rebooted from OS level itself. 1711006 - Metrics installation fails during the execution of playbook ovirt-metrics-store-installation if the environment is not having DHCP 1712255 - Drop 4.1 datacenter/cluster level 1712746 - [RFE] Ignition support for ovirt vms 1712890 - engine-setup should check for snapshots in unsupported CL 1714528 - Missing IDs on cluster upgrade buttons 1714633 - Using more than one asterisk in the search string is not working when searching for users. 1714834 - Cannot disable SCSI passthrough using API 1715725 - Sending credentials in query string logs them in ovirt-request-logs 1716590 - [RFE][UX] Make Cluster-wide "Custom serial number policy" value visible at VM level 1718818 - [RFE] Enhance local disk passthrough 1720686 - Tag ovirt-scheduler-proxy for RHV 4.4 RHEL 8 1720694 - Build ovirt-engine-extension-aaa-jdbc for RHV 4.4 RHEL 8 1720795 - New guest tools are available mark in case of guest tool located on Data Domain 1724959 - RHV recommends reporting issues to GitHub rather than access.redhat.com (ovirt->RHV rebrand glitch?) 1727025 - NPE in DestroyImage endAction during live merge leaving a task in DB for hours causing operations depending on host clean tasks to fail as Deactivate host/StopSPM/deactivate SD 1728472 - Engine reports network out of sync due to ipv6 default gateway via ND RA on a non default route network. 1729511 - engine-setup fails to upgrade to 4.3 with Unicode characters in CA subject 1729811 - [scale] updatevmdynamic broken if too many users logged in - psql ERROR: value too long for type character varying(255) 1730264 - VMs will fail to start if the vnic profile attached is having port mirroring enabled and have name greater than 15 characters 1730436 - Snapshot creation was successful, but snapshot remains locked 1731212 - RHV 4.4 landing page does not show login or allow scrolling. 
1731590 - Cannot preview snapshot, it fails and VM remains locked. 1733031 - [RFE] Add warning when importing data domains to newer DC that may trigger SD format upgrade 1733529 - Consume python-ovsdbapp dependencies from OSP in RHEL 8 RHV 4.4 1733843 - Export to OVA fails if VM is running on the Host doing the export 1734839 - Unable to start guests in our Power9 cluster without running in headless mode. 1737234 - Attach a non-existent ISO to vm by the API return 201 and marks the Attach CD checkbox as ON 1737684 - Engine deletes the leaf volume when SnapshotVDSCommand timed out without checking if the volume is still used by the VM 1740978 - [RFE] Warn or Block importing VMs/Templates from unsupported compatibility levels. 1741102 - host activation causes RHHI nodes to lose the quorum 1741271 - Move/Copy disk are blocked if there is less space in source SD than the size of the disk 1741625 - VM fails to be re-started with error: Failed to acquire lock: No space left on device 1743690 - Commit and Undo buttons active when no snapshot selected 1744557 - RHV 4.3 throws an exception when trying to access VMs which have snapshots from unsupported compatibility levels 1745384 - [IPv6 Static] Engine should allow updating network's static ipv6gateway 1745504 - Tag rhv-log-collector-analyzer for RHV 4.4 RHEL 8 1746272 - [BREW BUILD ENABLER] Build the oVirt Ansible roles for RHV 4.4.0 1746430 - [Rebase] Rebase v2v-conversion-host for RHV 4.4 Engine 1746877 - [Metrics] Rebase bug - for the 4.4 release on EL8 1747772 - Extra white space at the top of webadmin dialogs 1749284 - Change the Snapshot operation to be asynchronous 1749944 - teardownImage attempts to deactivate in-use LV's rendering the VM disk image/volumes in locked state. 
1750212 - MERGE_STATUS fails with 'Invalid UUID string: mapper' when Direct LUN that already exists is hot-plugged 1750348 - [Tracking] rhvm-branding-rhv for RHV 4.4 1750357 - [Tracking] ovirt-web-ui for RHV 4.4 1750371 - [Tracking] ovirt-engine-ui-extensions for RHV 4.4 1750482 - From VM Portal, users cannot create Operating System Windows VM. 1751215 - Unable to change Graphical Console of HE VM. 1751268 - add links to Insights to landing page 1751423 - Improve description of shared memory statistics and remove unimplemented memory metrics from API 1752890 - Build / Tag ovirt-engine-extension-aaa-ldap for RHV 4.4 RHEL 8 1752995 - [RFE] Need to be able to set default console option 1753629 - Build / Tag ovirt-engine-extension-aaa-misc for RHV 4.4 RHEL 8 1753661 - Build / Tag ovirt-engine-extension-logger-log4j got RHV 4.4 / RHEl 8 1753664 - Build ovirt-fast-forward-upgrade for RHV 4.4 /RHEL 8 support 1754363 - [Scale] Engine generates excessive amount of dns configuration related sql queries 1754490 - RHV Manager cannot start on EAP 7.2.4 1755412 - Setting "oreg_url: registry.redhat.io" fails with error 1758048 - clone(as thin) VM from template or create snapshot fails with 'Requested capacity 1073741824 < parent capacity 3221225472 (volume:1211)' 1758289 - [Warn] Duplicate chassis entries in southbound database if the host is down while removing the host from Manager 1762281 - Import of OVA created from template fails with java.lang.NullPointerException 1763992 - [RFE] Show "Open Console" as the main option in the VM actions menu 1764289 - Document details how each fence agent can be configured in RESTAPI 1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT 1764932 - [BREW BUILD ENABLER] Build the ansible-runner-service for RHV 4.4 1764943 - Create Snapshot does not proceed beyond CreateVolume 1764959 - Apache is configured to offer TRACE method (security) 1765660 - CVE-2017-18635 novnc: XSS vulnerability via the messages propagated 
to the status field 1767319 - [RFE] forbid updating mac pool that contains ranges overlapping with any mac range in the system 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1768707 - Cannot set or update iscsi portal group tag when editing storage connection via API 1768844 - RHEL Advanced virtualization module streams support 1769463 - [Scale] Slow performance for api/clusters when many networks devices are present 1770237 - Cannot assign a vNIC profile for VM instance profile. 1771793 - VM Portal crashes in what appears to be a permission related problem. 1773313 - RHV Metric store installation fails with error: "You need to install \"jmespath\" prior to running json_query filter" 1777954 - VM Templates greater then 101 quantity are not listed/reported in RHV-M Webadmin UI. 1779580 - drop rhvm-doc package 1781001 - CVE-2019-19336 ovirt-engine: response_type parameter allows reflected XSS 1782236 - Windows Update (the drivers) enablement 1782279 - Warning message for low space is not received on Imported Storage domain 1782882 - qemu-kvm: kvm_init_vcpu failed: Function not implemented 1784049 - Rhel6 guest with cluster default q35 chipset causes kernel panic 1784385 - Still requiring rhvm-doc in rhvm-setup-plugins 1785750 - [RFE] Ability to change default VM action (Suspend) in the VM Portal. 1788424 - Importing a VM having direct LUN attached using virtio driver is failing with error "VirtIO-SCSI is disabled for the VM" 1796809 - Build apache-sshd for RHV 4.4 RHEL 8 1796811 - Remove bundled apache-sshd library 1796815 - Build snmp4j for RHV 4.4 RHEL 8 1796817 - Remove bundled snmp4j library 1797316 - Snapshot creation from VM fails on second snapshot and afterwords 1797500 - Add disk operation failed to complete. 
1798114 - Build apache-commons-digester for RHV 4.4 RHEL 8 1798117 - Build apache-commons-configuration for RHV 4.4 RHEL 8 1798120 - Build apache-commons-jexl for RHV 4.4 RHEL 8 1798127 - Build apache-commons-collections4 for RHV 4.4 RHEL 8 1798137 - Build apache-commons-vfs for RHV 4.4 RHEL 8 1799171 - Build ws-commons-util for RHV 4.4 RHEL 8 1799204 - Build xmlrpc for RHV 4.4 RHEL 8 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801709 - Disable activation of the host while Enroll certificate flow is still in progress 1803597 - rhv-image-discrepancies should skip storage domains in maintenance mode and ISO/Export 1805669 - change requirement on rhvm package from spice-client-msi to spice-client-win 1806276 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine 1807047 - Build m2crypto for RHV 4.4 RHEL 8 1807860 - [RFE] Allow resource allocation options to be customized 1808096 - Uploading ISOs causes "Uncaught exception occurred. Please try reloading the page. Details: (TypeError) : a.n is null" 1808126 - host_service.install() does not work with deploy_hosted_engine as True. 1809040 - [CNV&RHV] let the user know that token is not valid anymore 1809052 - [CNV&RHV] ovirt-engine log file spammed by failed timers ( approx 3-5 messages/sec ) 1809875 - rhv-image-discrepancies only compares images on the last DC 1809877 - rhv-image-discrepancies sends dump-volume-chains with parameter that is ignored 1810893 - mountOptions is ignored for "import storage domain" from GUI 1811865 - [Scale] Host Monitoring generates excessive amount of qos related sql queries 1811869 - [Scale] Webadmin\REST for host interface list response time is too long because of excessive amount of qos related sql queries 1812875 - Unable to create VMs when french Language is selected for the rhvm gui. 
1813305 - Engine updating SLA policies of VMs continuously in an environment which is not having any QOS configured 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1814197 - [CNV&RHV] when provider is remover DC is left behind and active 1814215 - [CNV&RHV] Adding new provider to engine fails after succesfull test 1816017 - Build log4j12 for RHV 4.4 EL8 1816643 - [CNV&RHV] VM created in CNV not visible in RHV 1816654 - [CNV&RHV] adding provider with already created vm failed 1816693 - [CNV&RHV] CNV VM failed to restart even if 1st dialog looks fine 1816739 - [CNV&RHV] CNV VM updated form CNV side doesn't update vm properties over on RHV side 1817467 - [Tracking] Migration path between RHV 4.3 and 4.4 1818745 - rhv-log-collector-analyzer 0.2.17 still requires pyhton2 1819201 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update 1819248 - Cannot upgrade host after engine setup 1819514 - Failed to register 4.4 host to the latest engine (4.4.0-0.29.master.el8ev) 1819960 - NPE on ImportVmTemplateFromConfigurationCommand when creating VM from ovf_data 1820621 - Build apache-commons-compress for RHV 4.4 EL8 1820638 - Build apache-commons-jxpath for RHV 4.4 EL8 1821164 - Failed snapshot creation can cause data corruption of other VMs 1821930 - Enable only TLSv1.2+ protocol for SPICE on EL7 hosts 1824095 - VM portal shows only error 1825793 - RHV branding is missing after upgrade from 4.3 1826248 - [4.4][ovirt-cockpit-sso] Compatibility issues with python3 1826437 - The console client resources page return HTTP code 500 1826801 - [CNV&RHV] update of memory on cnv side does not propagate to rhv 1826855 - [cnv&rhv] update of cpu on cnv side causing expetion in engine.log 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1828669 - After SPM select the engine lost communication to all hosts 
until restarted [improved logging] 1828736 - [CNV&RHV] cnv template is not propagated to rhv 1829189 - engine-setup httpd ssl configuration conflicts with Red Hat Insights 1829656 - Failed to register 4.3 host to 4.4 engine with 4.3 cluster (4.4.0-0.33.master.el8ev) 1829830 - vhost custom properties does not accept '-' 1832161 - rhv-log-collector-analyzer fails with UnicodeDecodeError on RHEL8 1834523 - Edit VM -> Enable Smartcard sharing does not stick when VM is running 1838493 - Live snapshot made with freeze in the engine will cause the FS to be frozen 1841495 - Upgrade openstack-java-sdk to 3.2.9 1842495 - high cpu usage after entering wrong search pattern in RHVM 1844270 - [vGPU] nodisplay option for mdev broken since mdev scheduling unit 1844855 - Missing images (favicon.ico, banner logo) and missing brand.css file on VM portal d/s installation 1845473 - Exporting an OVA file from a VM results in its ovf file having a format of RAW when the disk is COW 1847420 - CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing 1850004 - CVE-2020-11023 jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1853444 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update (July-2020) 1854563 - [4.4 downstream only][RFE] Include a link to grafana on front page</p> <ol> <li>Package List:</li> </ol> <p>RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:</p> <p>Source: ansible-runner-1.4.5-1.el8ar.src.rpm ansible-runner-service-1.0.2-1.el8ev.src.rpm apache-commons-collections4-4.4-1.el8ev.src.rpm apache-commons-compress-1.18-1.el8ev.src.rpm apache-commons-configuration-1.10-1.el8ev.src.rpm apache-commons-jexl-2.1.1-1.el8ev.src.rpm apache-commons-jxpath-1.3-29.el8ev.src.rpm apache-commons-vfs-2.4.1-1.el8ev.src.rpm apache-sshd-2.5.1-1.el8ev.src.rpm ebay-cors-filter-1.0.1-4.el8ev.src.rpm ed25519-java-0.3.0-1.el8ev.src.rpm engine-db-query-1.6.1-1.el8ev.src.rpm 
java-client-kubevirt-0.5.0-1.el8ev.src.rpm log4j12-1.2.17-22.el8ev.src.rpm m2crypto-0.35.2-5.el8ev.src.rpm makeself-2.4.0-4.el8ev.src.rpm novnc-1.1.0-1.el8ost.src.rpm openstack-java-sdk-3.2.9-1.el8ev.src.rpm ovirt-cockpit-sso-0.1.4-1.el8ev.src.rpm ovirt-engine-4.4.1.8-0.7.el8ev.src.rpm ovirt-engine-api-explorer-0.0.6-1.el8ev.src.rpm ovirt-engine-dwh-4.4.1.2-1.el8ev.src.rpm ovirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.src.rpm ovirt-engine-extension-aaa-misc-1.1.0-1.el8ev.src.rpm ovirt-engine-extension-logger-log4j-1.1.0-1.el8ev.src.rpm ovirt-engine-extensions-api-1.0.1-1.el8ev.src.rpm ovirt-engine-metrics-1.4.1.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.2-1.el8ev.src.rpm ovirt-fast-forward-upgrade-1.1.6-0.el8ev.src.rpm ovirt-log-collector-4.4.2-1.el8ev.src.rpm ovirt-scheduler-proxy-0.1.9-1.el8ev.src.rpm ovirt-web-ui-1.6.3-1.el8ev.src.rpm python-aniso8601-0.82-4.el8ost.src.rpm python-flask-1.0.2-2.el8ost.src.rpm python-flask-restful-0.3.6-8.el8ost.src.rpm python-netaddr-0.7.19-8.1.el8ost.src.rpm python-notario-0.0.16-2.el8cp.src.rpm python-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.src.rpm python-pbr-5.1.2-2.el8ost.src.rpm python-six-1.12.0-1.el8ost.src.rpm python-websocket-client-0.54.0-1.el8ost.src.rpm python-werkzeug-0.16.0-1.el8ost.src.rpm rhv-log-collector-analyzer-1.0.2-1.el8ev.src.rpm rhvm-branding-rhv-4.4.4-1.el8ev.src.rpm rhvm-dependencies-4.4.0-1.el8ev.src.rpm rhvm-setup-plugins-4.4.2-1.el8ev.src.rpm snmp4j-2.4.1-1.el8ev.src.rpm unboundid-ldapsdk-4.0.14-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.4-1.el8ev.src.rpm ws-commons-util-1.0.2-1.el8ev.src.rpm xmlrpc-3.1.3-1.el8ev.src.rpm</p> <p>noarch: ansible-runner-1.4.5-1.el8ar.noarch.rpm ansible-runner-service-1.0.2-1.el8ev.noarch.rpm apache-commons-collections4-4.4-1.el8ev.noarch.rpm apache-commons-collections4-javadoc-4.4-1.el8ev.noarch.rpm apache-commons-compress-1.18-1.el8ev.noarch.rpm apache-commons-compress-javadoc-1.18-1.el8ev.noarch.rpm 
apache-commons-configuration-1.10-1.el8ev.noarch.rpm apache-commons-jexl-2.1.1-1.el8ev.noarch.rpm apache-commons-jexl-javadoc-2.1.1-1.el8ev.noarch.rpm apache-commons-jxpath-1.3-29.el8ev.noarch.rpm apache-commons-jxpath-javadoc-1.3-29.el8ev.noarch.rpm apache-commons-vfs-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-ant-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-examples-2.4.1-1.el8ev.noarch.rpm apache-commons-vfs-javadoc-2.4.1-1.el8ev.noarch.rpm apache-sshd-2.5.1-1.el8ev.noarch.rpm apache-sshd-javadoc-2.5.1-1.el8ev.noarch.rpm ebay-cors-filter-1.0.1-4.el8ev.noarch.rpm ed25519-java-0.3.0-1.el8ev.noarch.rpm ed25519-java-javadoc-0.3.0-1.el8ev.noarch.rpm engine-db-query-1.6.1-1.el8ev.noarch.rpm java-client-kubevirt-0.5.0-1.el8ev.noarch.rpm log4j12-1.2.17-22.el8ev.noarch.rpm log4j12-javadoc-1.2.17-22.el8ev.noarch.rpm makeself-2.4.0-4.el8ev.noarch.rpm novnc-1.1.0-1.el8ost.noarch.rpm openstack-java-ceilometer-client-3.2.9-1.el8ev.noarch.rpm openstack-java-ceilometer-model-3.2.9-1.el8ev.noarch.rpm openstack-java-cinder-client-3.2.9-1.el8ev.noarch.rpm openstack-java-cinder-model-3.2.9-1.el8ev.noarch.rpm openstack-java-client-3.2.9-1.el8ev.noarch.rpm openstack-java-glance-client-3.2.9-1.el8ev.noarch.rpm openstack-java-glance-model-3.2.9-1.el8ev.noarch.rpm openstack-java-heat-client-3.2.9-1.el8ev.noarch.rpm openstack-java-heat-model-3.2.9-1.el8ev.noarch.rpm openstack-java-javadoc-3.2.9-1.el8ev.noarch.rpm openstack-java-keystone-client-3.2.9-1.el8ev.noarch.rpm openstack-java-keystone-model-3.2.9-1.el8ev.noarch.rpm openstack-java-nova-client-3.2.9-1.el8ev.noarch.rpm openstack-java-nova-model-3.2.9-1.el8ev.noarch.rpm openstack-java-quantum-client-3.2.9-1.el8ev.noarch.rpm openstack-java-quantum-model-3.2.9-1.el8ev.noarch.rpm openstack-java-resteasy-connector-3.2.9-1.el8ev.noarch.rpm openstack-java-swift-client-3.2.9-1.el8ev.noarch.rpm openstack-java-swift-model-3.2.9-1.el8ev.noarch.rpm ovirt-cockpit-sso-0.1.4-1.el8ev.noarch.rpm ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm 
ovirt-engine-api-explorer-0.0.6-1.el8ev.noarch.rpm ovirt-engine-backend-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-dwh-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.1.2-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.0-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-misc-1.1.0-1.el8ev.noarch.rpm ovirt-engine-extension-logger-log4j-1.1.0-1.el8ev.noarch.rpm ovirt-engine-extensions-api-1.0.1-1.el8ev.noarch.rpm ovirt-engine-extensions-api-javadoc-1.0.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-metrics-1.4.1.1-1.el8ev.noarch.rpm ovirt-engine-restapi-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-tools-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.2-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm ovirt-fast-forward-upgrade-1.1.6-0.el8ev.noarch.rpm ovirt-log-collector-4.4.2-1.el8ev.noarch.rpm ovirt-scheduler-proxy-0.1.9-1.el8ev.noarch.rpm ovirt-web-ui-1.6.3-1.el8ev.noarch.rpm python-flask-doc-1.0.2-2.el8ost.noarch.rpm 
python2-netaddr-0.7.19-8.1.el8ost.noarch.rpm python2-pbr-5.1.2-2.el8ost.noarch.rpm python2-six-1.12.0-1.el8ost.noarch.rpm python3-aniso8601-0.82-4.el8ost.noarch.rpm python3-ansible-runner-1.4.5-1.el8ar.noarch.rpm python3-flask-1.0.2-2.el8ost.noarch.rpm python3-flask-restful-0.3.6-8.el8ost.noarch.rpm python3-netaddr-0.7.19-8.1.el8ost.noarch.rpm python3-notario-0.0.16-2.el8cp.noarch.rpm python3-ovirt-engine-lib-4.4.1.8-0.7.el8ev.noarch.rpm python3-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.noarch.rpm python3-pbr-5.1.2-2.el8ost.noarch.rpm python3-six-1.12.0-1.el8ost.noarch.rpm python3-websocket-client-0.54.0-1.el8ost.noarch.rpm python3-werkzeug-0.16.0-1.el8ost.noarch.rpm python3-werkzeug-doc-0.16.0-1.el8ost.noarch.rpm rhv-log-collector-analyzer-1.0.2-1.el8ev.noarch.rpm rhvm-4.4.1.8-0.7.el8ev.noarch.rpm rhvm-branding-rhv-4.4.4-1.el8ev.noarch.rpm rhvm-dependencies-4.4.0-1.el8ev.noarch.rpm rhvm-setup-plugins-4.4.2-1.el8ev.noarch.rpm snmp4j-2.4.1-1.el8ev.noarch.rpm snmp4j-javadoc-2.4.1-1.el8ev.noarch.rpm unboundid-ldapsdk-4.0.14-1.el8ev.noarch.rpm unboundid-ldapsdk-javadoc-4.0.14-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.4-1.el8ev.noarch.rpm ws-commons-util-1.0.2-1.el8ev.noarch.rpm ws-commons-util-javadoc-1.0.2-1.el8ev.noarch.rpm xmlrpc-client-3.1.3-1.el8ev.noarch.rpm xmlrpc-common-3.1.3-1.el8ev.noarch.rpm xmlrpc-javadoc-3.1.3-1.el8ev.noarch.rpm xmlrpc-server-3.1.3-1.el8ev.noarch.rpm</p> <p>x86_64: m2crypto-debugsource-0.35.2-5.el8ev.x86_64.rpm python3-m2crypto-0.35.2-5.el8ev.x86_64.rpm python3-m2crypto-debuginfo-0.35.2-5.el8ev.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2017-18635 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-10086 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-17195 https://access.redhat.com/security/cve/CVE-2019-19336 https://access.redhat.com/security/cve/CVE-2020-7598 https://access.redhat.com/security/cve/CVE-2020-10775 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXylir9zjgjWX9erEAQii/A//bJm3u0+ul+LdQwttSJJ79OdVqcp3FktP tdPj8AFbB6F9KkuX9FAQja0/2pgZAldB3Eyz57GYTxyDD1qeMqYSayGHCH01GWAn u8uF90lcSz6YvgEPDh1mWhLYQMfdWT6IUuKOEHldt8TyHbc7dX3xCbsLDzNCxGbl QuPSFPQBJaAXETSw42NGzdUzaM9zoQ0Mngj+Owcgw53YyBy3BSLAb5bKuijvkcLy SVCAxxiQ89E+cnETKYIv4dOfqXGA5wLg68hDmUQyFcXHA9nQbJM9Q0s1fbZ2Wav1 oGGTqJDTgVElxrHB5pYJ6pu484ZgJealkBCrHA2OBsMJUadwitVvQLXFZF5OyN0N f/vtZ1ua4mZADa61qfnlmVRiyISwmPPWIOImA3TIE5Q8Yl5ucCqtDjQPoJAbXsUl Y22Bb5x7JyrN0nyOgwh6BGGK51CmOaP+xNuWD7osI24pnzdmPTZuJrZLePxgPgac WWQNznzvokknva2ofvujAm+DEl+W7W3A8Vs9wkmUWYlaVC7GFLEkcvQjjHahZ7kh dVJNoh70vpA+aJCMQHYK6MGtCSAWoqXkRTsHb3Stfm2vLLz6GYxY5OuvB7Z0ME1N zCiFjBla5+3nKx5ab8Pola56T1wRULHL6zYN9GTsOzxjdJsKHXBVeV8OYcnoHiza 2TrKn2dtZwI= =92Q3 -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p>
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, 
"exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1730", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "healthcare data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.0" }, { "model": "policy automation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.22" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "weblogic server", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "solaris cluster", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "nimbus jose\\+jwt", "scope": "lt", "trust": 1.0, "vendor": "connect2id", "version": "7.9" }, { "model": "hadoop", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "3.2.1" }, { "model": "policy automation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "communications cloud native core security edge protection proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "nimbus jose+jwt", "scope": "lt", "trust": 0.8, "vendor": "connect2id", "version": "7.9" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "db": "NVD", "id": "CVE-2019-17195" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, 
"cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:hadoop:3.2.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.22", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2.5.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-17195" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "157073" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "CNNVD", "id": "CNNVD-201910-914" } ], "trust": 0.8 }, "cve": "CVE-2019-17195", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-17195", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-149417", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", 
"confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-17195", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-17195", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201910-914", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-149417", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-17195", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-149417" }, { "db": "VULMON", "id": "CVE-2019-17195" }, { "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "db": "NVD", "id": "CVE-2019-17195" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201910-914" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. Connect2id Nimbus JOSE+JWT Contains an exceptional condition check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Description:\n\nThe org.ovirt.engine-root is a core component of oVirt. 
\n\nThe following packages have been upgraded to a later upstream version:\norg.ovirt.engine-root (4.3.8.2), ovirt-engine-dwh (4.3.8),\novirt-engine-metrics (1.3.6.1), ovirt-fast-forward-upgrade (1.0.0),\novirt-imageio-common (1.5.3), ovirt-imageio-proxy (1.5.3), ovirt-web-ui\n(1.6.0), rhv-log-collector-analyzer (0.2.15), v2v-conversion-host (1.16.0). \n\nBug Fix(es):\n\n* [downstream clone - 4.4.0] Upgrade from 4.3 to 4.4 will fail if there are\nversioned templates in database (BZ#1688781)\n\n* [ovirt-fast-forward-upgrade] Error:\novirt-engine-setup-plugin-ovirt-engine conflicts with\novirt-engine-4.2.5.2-0.1.el7ev.noarch (BZ#1754979)\n\n* Users immediately logged out from User portal due to negative\nUserSessionTimeOutInterval (BZ#1757423)\n\n* Fluentd error when stopping metrics services through playbook on 4.3\n(BZ#1772506)\n\n* [downstream clone - 4.3.8] From VM Portal, users cannot create Operating\nSystem Windows VM. (BZ#1780234)\n\nEnhancement(s):\n\n* RFE for offline installation of RHV Metrics Store (BZ#1711873)\n\n* [RFE] Compare storage with database for discrepancies (BZ#1739106)\n\n* [RFE] RHV+Metrics Store - Support a Flat DNS environment without\nsubdomains (BZ#1782412)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1752522 - ovirt-fast-forward-upgrade: Upgrade from 4.2 to 4.3 fails with UnicodeEncodeError\n1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1789737 - Import of OVA created from template fails with java.lang.NullPointerException [RHV clone - 4.3.9]\n1792874 - Hide partial engine-cleanup option [RHV clone - 4.3.9]\n1797496 - Add RHCOS os to osinfo - for compatability API between 4.3 to 4.4\n1801310 - Module ovirt disk parameter storage domain has default option in documentation\n1808038 - Unable to change Graphical Console of HE VM. 
[RHV clone - 4.3.9]\n1808607 - RHVM 4.3.8.2 has Security Vulnerability Tenable Plugin ID 133165 in apache-commons-beanutils-1.8.3-14.el7\n1809470 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine [RHV clone - 4.3.9]\n1810527 - Upgrade rhvm-dependencies to 4.3.2\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3247-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3247\nIssue date: 2020-08-04\nCVE Names: CVE-2017-18635 CVE-2019-8331 CVE-2019-10086 \n CVE-2019-13990 CVE-2019-17195 CVE-2019-19336 \n CVE-2020-7598 CVE-2020-10775 CVE-2020-11022 \n CVE-2020-11023 \n=====================================================================\n\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch, x86_64\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. 
\n\nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and\ninteracted with, including an Administration Portal, a VM Portal, and a\nRepresentational State Transfer (REST) Application Programming Interface\n(API). \n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht\nml-single/technical_notes\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* libquartz: XXE attacks via job description (CVE-2019-13990)\n\n* novnc: XSS vulnerability via the messages propagated to the status field\n(CVE-2017-18635)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nimbus-jose-jwt: Uncaught exceptions while parsing a JWT (CVE-2019-17195)\n\n* ovirt-engine: response_type parameter allows reflected XSS\n(CVE-2019-19336)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* ovirt-engine: Redirect to arbitrary URL allows for phishing\n(CVE-2020-10775)\n\n* Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1080097 - [RFE] Allow editing disks details in the Disks tab\n1325468 - [RFE] Autostart of VMs that are down (with Engine assistance - Engine has to be up)\n1358501 - [RFE] multihost network change - notify when done\n1427717 - [RFE] Create and/or select affinity group upon VM creation. \n1475774 - RHV-M requesting four GetDeviceListVDSCommand when editing storage domain\n1507438 - not able to deploy new rhvh host when \"/tmp\" is mounted with \"noexec\" option\n1523835 - Hosted-Engine: memory hotplug does not work for engine vm\n1527843 - [Tracker] Q35 chipset support (with seabios)\n1529042 - [RFE] Changing of Cluster CPU Type does not trigger config update notification\n1535796 - Undeployment of HE is not graceful\n1546838 - [RFE] Refuse to deploy on localhost.localdomain\n1547937 - [RFE] Live Storage Migration progress bar. \n1585986 - [HE] When lowering the cluster compatibility, we need to force update the HE storage OVF store to ensure it can start up (migration will not work). \n1593800 - [RFE] forbid new mac pools with overlapping ranges\n1596178 - inconsistent display between automatic and manual Pool Type\n1600059 - [RFE] Add by default a storage lease to HA VMs\n1610212 - After updating to RHV 4.1 while trying to edit the disk, getting error \"Cannot edit Virtual Disk. Cannot edit Virtual Disk. Disk extension combined with disk compat version update isn\u0027t supported. 
Please perform the updates separately.\"\n1611395 - Unable to list Compute Templates in RHV 4.2 from Satellite 6.3.2\n1616451 - [UI] add a tooltip to explain the supported matrix for the combination of disk allocation policies, formats and the combination result\n1637172 - Live Merge hung in the volume deletion phase, leaving snapshot in a LOCKED state\n1640908 - Javascript Error popup when Managing StorageDomain with LUNs and 400+ paths\n1642273 - [UI] - left nav border highlight missing in RHV\n1647440 - [RFE][UI] Provide information about the VM next run\n1648345 - Jobs are not properly cleaned after a failed task. \n1650417 - HA is broken for VMs having disks in NFS storage domain because of Qemu OFD locking\n1650505 - Increase of ClusterCompatibilityVersion to Cluster with virtual machines with outstanding configuration changes, those changes will be reverted\n1651406 - [RFE] Allow Maintenance of Host with Enforcing VM Affinity Rules (hard affinity)\n1651939 - a new size of the direct LUN not updated in Admin Portal\n1654069 - [Downstream Clone] [UI] - grids bottom scrollbar hides bottom row\n1654889 - [RFE] Support console VNC for mediated devices\n1656621 - Importing VM OVA always enables \u0027Cloud-Init/Sysprep\u0027\n1658101 - [RESTAPI] Adding ISO disables serial console\n1659161 - Unable to edit pool that is delete protected\n1660071 - Regression in Migration of VM that starts in pause mode: took 11 hours\n1660644 - Concurrent LSMs of the same disk can be issued via the REST-API\n1663366 - USB selection option disabled even though USB support is enabled in RHV-4.2\n1664479 - Third VM fails to get migrated when host is placed into maintenance mode\n1666913 - [UI] warn users about different \"Vdsm Name\" when creating network with a fancy char or long name\n1670102 - [CinderLib] - openstack-cinder and cinderlib packages are not installed on ovirt-engine machine\n1671876 - \"Bond Active Slave\" parameter on RHV-M GUI shows an incorrect until Refresh 
Caps\n1679039 - Unable to upload image through Storage-\u003eDomain-\u003eDisk because of wrong DC\n1679110 - [RFE] change Admin Portal toast notifications location\n1679471 - [ja, de, es, fr, pt_BR] The console client resources page shows truncated title for some locales\n1679730 - Warn about host IP addresses outside range\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1686650 - Memory snapshots\u0027 deletion logging unnecessary WARNINGS in engine.log\n1687345 - Snapshot with memory volumes can fail if the memory dump takes more than 180 seconds\n1690026 - [RFE] - Creating an NFS storage domain the engine should let the user specify exact NFS version v4.0 and not just v4\n1690155 - Disk migration progress bar not clearly visible and unusable. \n1690475 - When a live storage migration fails, the auto generated snapshot does not get removed\n1691562 - Cluster level changes are not increasing VMs generation numbers and so a new OVF_STORE content is not copied to the shared storage\n1692592 - \"\ufffcEnable menu to select boot device shows 10 device listed with cdrom at 10th slot but when selecting 10 option the VM took 1 as option and boot with disk\n1693628 - Engine generates too many updates to vm_dynamic table due to the session change\n1693813 - Do not change DC level if there are VMs running/paused with older CL. \n1695026 - Failure in creating snapshots during \"Live Storage Migration\" can result in a nonexistent snapshot\n1695635 - [RFE] Improve Host Drop-down menu in different Dialogs (i.e. 
Alphabetical sort of Hosts in Remove|New StorageDomains)\n1696245 - [RFE] Allow full customization while cloning a VM\n1696669 - Build bouncycastle for RHV 4.4 RHEL 8\n1696676 - Build ebay-cors-filter for RHV 4.4 RHEL 8\n1698009 - Build openstack-java-sdk for RHV 4.4 RHEL 8\n1698102 - Print a warning message to engine-setup, which highlights that other clusters than the Default one are not modified to use ovirt-provider-ovn as the default network provider\n1700021 - [RFE] engine-setup should warn and prompt if ca.pem is missing but other generated pki files exist\n1700036 - [RFE] Add RedFish API for host power management for RHEV\n1700319 - VM is going to pause state with \"storage I/O error\". \n1700338 - [RFE] Alternate method to configure the email Event Notifier for a user in RHV through API (instead of RHV GUI)\n1700725 - [scale] RHV-M runs out of memory due to to much data reported by the guest agent\n1700867 - Build makeself for RHV 4.4 RHEL 8\n1701476 - Build unboundid-ldapsdk for RHV 4.4 RHEL 8\n1701491 - Build RHV-M 4.4 - RHEL 8\n1701522 - Build ovirt-imageio-proxy for RHV 4.4 / RHEL 8\n1701528 - Build / Tag python-ovsdbapp for RHV 4.4 RHEL 8\n1701530 - Build / Tag ovirt-cockpit-sso for RHV 4.4 RHEL 8\n1701531 - Build / Tag ovirt-engine-api-explorer for RHV 4.4 RHEL 8\n1701533 - Build / Tag ovirt-engine-dwh for RHV 4.4 / RHEL 8\n1701538 - Build / Tag vdsm-jsonrpc-java for RHV 4.4 RHEL 8\n1701544 - Build rhvm-dependencies for RHV 4.4 RHEL 8\n1702310 - Build / Tag ovirt-engine-ui-extensions for RHV 4.4 RHEL 8\n1702312 - Build ovirt-log-collector for RHV 4.4 RHEL 8\n1703112 - PCI address of NICs are not stored in the database after a hotplug of passthrough NIC resulting in change of network device name in VM after a reboot\n1703428 - VMs migrated from KVM to RHV show warning \u0027The latest guest agent needs to be installed and running on the guest\u0027\n1707225 - [cinderlib] Cinderlib DB is missing a backup and restore option\n1708624 - Build 
rhvm-setup-plugins for RHV 4.4 - RHEL 8\n1710491 - No EVENT_ID is generated in /var/log/ovirt-engine/engine.log when VM is rebooted from OS level itself. \n1711006 - Metrics installation fails during the execution of playbook ovirt-metrics-store-installation if the environment is not having DHCP\n1712255 - Drop 4.1 datacenter/cluster level\n1712746 - [RFE] Ignition support for ovirt vms\n1712890 - engine-setup should check for snapshots in unsupported CL\n1714528 - Missing IDs on cluster upgrade buttons\n1714633 - Using more than one asterisk in the search string is not working when searching for users. \n1714834 - Cannot disable SCSI passthrough using API\n1715725 - Sending credentials in query string logs them in ovirt-request-logs\n1716590 - [RFE][UX] Make Cluster-wide \"Custom serial number policy\" value visible at VM level\n1718818 - [RFE] Enhance local disk passthrough\n1720686 - Tag ovirt-scheduler-proxy for RHV 4.4 RHEL 8\n1720694 - Build ovirt-engine-extension-aaa-jdbc for RHV 4.4 RHEL 8\n1720795 - New guest tools are available mark in case of guest tool located on Data Domain\n1724959 - RHV recommends reporting issues to GitHub rather than access.redhat.com (ovirt-\u003eRHV rebrand glitch?)\n1727025 - NPE in DestroyImage endAction during live merge leaving a task in DB for hours causing operations depending on host clean tasks to fail as Deactivate host/StopSPM/deactivate SD\n1728472 - Engine reports network out of sync due to ipv6 default gateway via ND RA on a non default route network. 
\n1729511 - engine-setup fails to upgrade to 4.3 with Unicode characters in CA subject\n1729811 - [scale] updatevmdynamic broken if too many users logged in - psql ERROR: value too long for type character varying(255)\n1730264 - VMs will fail to start if the vnic profile attached is having port mirroring enabled and have name greater than 15 characters\n1730436 - Snapshot creation was successful, but snapshot remains locked\n1731212 - RHV 4.4 landing page does not show login or allow scrolling. \n1731590 - Cannot preview snapshot, it fails and VM remains locked. \n1733031 - [RFE] Add warning when importing data domains to newer DC that may trigger SD format upgrade\n1733529 - Consume python-ovsdbapp dependencies from OSP in RHEL 8 RHV 4.4\n1733843 - Export to OVA fails if VM is running on the Host doing the export\n1734839 - Unable to start guests in our Power9 cluster without running in headless mode. \n1737234 - Attach a non-existent ISO to vm by the API return 201 and marks the Attach CD checkbox as ON\n1737684 - Engine deletes the leaf volume when SnapshotVDSCommand timed out without checking if the volume is still used by the VM\n1740978 - [RFE] Warn or Block importing VMs/Templates from unsupported compatibility levels. 
\n1741102 - host activation causes RHHI nodes to lose the quorum\n1741271 - Move/Copy disk are blocked if there is less space in source SD than the size of the disk\n1741625 - VM fails to be re-started with error: Failed to acquire lock: No space left on device\n1743690 - Commit and Undo buttons active when no snapshot selected\n1744557 - RHV 4.3 throws an exception when trying to access VMs which have snapshots from unsupported compatibility levels\n1745384 - [IPv6 Static] Engine should allow updating network\u0027s static ipv6gateway\n1745504 - Tag rhv-log-collector-analyzer for RHV 4.4 RHEL 8\n1746272 - [BREW BUILD ENABLER] Build the oVirt Ansible roles for RHV 4.4.0\n1746430 - [Rebase] Rebase v2v-conversion-host for RHV 4.4 Engine\n1746877 - [Metrics] Rebase bug - for the 4.4 release on EL8\n1747772 - Extra white space at the top of webadmin dialogs\n1749284 - Change the Snapshot operation to be asynchronous\n1749944 - teardownImage attempts to deactivate in-use LV\u0027s rendering the VM disk image/volumes in locked state. \n1750212 - MERGE_STATUS fails with \u0027Invalid UUID string: mapper\u0027 when Direct LUN that already exists is hot-plugged\n1750348 - [Tracking] rhvm-branding-rhv for RHV 4.4\n1750357 - [Tracking] ovirt-web-ui for RHV 4.4\n1750371 - [Tracking] ovirt-engine-ui-extensions for RHV 4.4\n1750482 - From VM Portal, users cannot create Operating System Windows VM. \n1751215 - Unable to change Graphical Console of HE VM. 
\n1751268 - add links to Insights to landing page\n1751423 - Improve description of shared memory statistics and remove unimplemented memory metrics from API\n1752890 - Build / Tag ovirt-engine-extension-aaa-ldap for RHV 4.4 RHEL 8\n1752995 - [RFE] Need to be able to set default console option\n1753629 - Build / Tag ovirt-engine-extension-aaa-misc for RHV 4.4 RHEL 8\n1753661 - Build / Tag ovirt-engine-extension-logger-log4j got RHV 4.4 / RHEl 8\n1753664 - Build ovirt-fast-forward-upgrade for RHV 4.4 /RHEL 8 support\n1754363 - [Scale] Engine generates excessive amount of dns configuration related sql queries\n1754490 - RHV Manager cannot start on EAP 7.2.4\n1755412 - Setting \"oreg_url: registry.redhat.io\" fails with error\n1758048 - clone(as thin) VM from template or create snapshot fails with \u0027Requested capacity 1073741824 \u003c parent capacity 3221225472 (volume:1211)\u0027\n1758289 - [Warn] Duplicate chassis entries in southbound database if the host is down while removing the host from Manager\n1762281 - Import of OVA created from template fails with java.lang.NullPointerException\n1763992 - [RFE] Show \"Open Console\" as the main option in the VM actions menu\n1764289 - Document details how each fence agent can be configured in RESTAPI\n1764791 - CVE-2019-17195 nimbus-jose-jwt: Uncaught exceptions while parsing a JWT\n1764932 - [BREW BUILD ENABLER] Build the ansible-runner-service for RHV 4.4\n1764943 - Create Snapshot does not proceed beyond CreateVolume\n1764959 - Apache is configured to offer TRACE method (security)\n1765660 - CVE-2017-18635 novnc: XSS vulnerability via the messages propagated to the status field\n1767319 - [RFE] forbid updating mac pool that contains ranges overlapping with any mac range in the system\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1768707 - Cannot set or update iscsi portal group tag when editing storage connection via API\n1768844 - RHEL 
Advanced virtualization module streams support\n1769463 - [Scale] Slow performance for api/clusters when many networks devices are present\n1770237 - Cannot assign a vNIC profile for VM instance profile. \n1771793 - VM Portal crashes in what appears to be a permission related problem. \n1773313 - RHV Metric store installation fails with error: \"You need to install \\\"jmespath\\\" prior to running json_query filter\"\n1777954 - VM Templates greater then 101 quantity are not listed/reported in RHV-M Webadmin UI. \n1779580 - drop rhvm-doc package\n1781001 - CVE-2019-19336 ovirt-engine: response_type parameter allows reflected XSS\n1782236 - Windows Update (the drivers) enablement\n1782279 - Warning message for low space is not received on Imported Storage domain\n1782882 - qemu-kvm: kvm_init_vcpu failed: Function not implemented\n1784049 - Rhel6 guest with cluster default q35 chipset causes kernel panic\n1784385 - Still requiring rhvm-doc in rhvm-setup-plugins\n1785750 - [RFE] Ability to change default VM action (Suspend) in the VM Portal. \n1788424 - Importing a VM having direct LUN attached using virtio driver is failing with error \"VirtIO-SCSI is disabled for the VM\"\n1796809 - Build apache-sshd for RHV 4.4 RHEL 8\n1796811 - Remove bundled apache-sshd library\n1796815 - Build snmp4j for RHV 4.4 RHEL 8\n1796817 - Remove bundled snmp4j library\n1797316 - Snapshot creation from VM fails on second snapshot and afterwords\n1797500 - Add disk operation failed to complete. 
\n1798114 - Build apache-commons-digester for RHV 4.4 RHEL 8\n1798117 - Build apache-commons-configuration for RHV 4.4 RHEL 8\n1798120 - Build apache-commons-jexl for RHV 4.4 RHEL 8\n1798127 - Build apache-commons-collections4 for RHV 4.4 RHEL 8\n1798137 - Build apache-commons-vfs for RHV 4.4 RHEL 8\n1799171 - Build ws-commons-util for RHV 4.4 RHEL 8\n1799204 - Build xmlrpc for RHV 4.4 RHEL 8\n1801149 - CVE-2019-13990 libquartz: XXE attacks via job description\n1801709 - Disable activation of the host while Enroll certificate flow is still in progress\n1803597 - rhv-image-discrepancies should skip storage domains in maintenance mode and ISO/Export\n1805669 - change requirement on rhvm package from spice-client-msi to spice-client-win\n1806276 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine\n1807047 - Build m2crypto for RHV 4.4 RHEL 8\n1807860 - [RFE] Allow resource allocation options to be customized\n1808096 - Uploading ISOs causes \"Uncaught exception occurred. Please try reloading the page. Details: (TypeError) : a.n is null\"\n1808126 - host_service.install() does not work with deploy_hosted_engine as True. \n1809040 - [CNV\u0026RHV] let the user know that token is not valid anymore\n1809052 - [CNV\u0026RHV] ovirt-engine log file spammed by failed timers ( approx 3-5 messages/sec )\n1809875 - rhv-image-discrepancies only compares images on the last DC\n1809877 - rhv-image-discrepancies sends dump-volume-chains with parameter that is ignored\n1810893 - mountOptions is ignored for \"import storage domain\" from GUI\n1811865 - [Scale] Host Monitoring generates excessive amount of qos related sql queries\n1811869 - [Scale] Webadmin\\REST for host interface list response time is too long because of excessive amount of qos related sql queries\n1812875 - Unable to create VMs when french Language is selected for the rhvm gui. 
\n1813305 - Engine updating SLA policies of VMs continuously in an environment which is not having any QOS configured\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1814197 - [CNV\u0026RHV] when provider is remover DC is left behind and active\n1814215 - [CNV\u0026RHV] Adding new provider to engine fails after succesfull test\n1816017 - Build log4j12 for RHV 4.4 EL8\n1816643 - [CNV\u0026RHV] VM created in CNV not visible in RHV\n1816654 - [CNV\u0026RHV] adding provider with already created vm failed\n1816693 - [CNV\u0026RHV] CNV VM failed to restart even if 1st dialog looks fine\n1816739 - [CNV\u0026RHV] CNV VM updated form CNV side doesn\u0027t update vm properties over on RHV side\n1817467 - [Tracking] Migration path between RHV 4.3 and 4.4\n1818745 - rhv-log-collector-analyzer 0.2.17 still requires pyhton2\n1819201 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update\n1819248 - Cannot upgrade host after engine setup\n1819514 - Failed to register 4.4 host to the latest engine (4.4.0-0.29.master.el8ev)\n1819960 - NPE on ImportVmTemplateFromConfigurationCommand when creating VM from ovf_data\n1820621 - Build apache-commons-compress for RHV 4.4 EL8\n1820638 - Build apache-commons-jxpath for RHV 4.4 EL8\n1821164 - Failed snapshot creation can cause data corruption of other VMs\n1821930 - Enable only TLSv1.2+ protocol for SPICE on EL7 hosts\n1824095 - VM portal shows only error\n1825793 - RHV branding is missing after upgrade from 4.3\n1826248 - [4.4][ovirt-cockpit-sso] Compatibility issues with python3\n1826437 - The console client resources page return HTTP code 500\n1826801 - [CNV\u0026RHV] update of memory on cnv side does not propagate to rhv\n1826855 - [cnv\u0026rhv] update of cpu on cnv side causing expetion in engine.log\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1828669 - 
After SPM select the engine lost communication to all hosts until restarted [improved logging]\n1828736 - [CNV\u0026RHV] cnv template is not propagated to rhv\n1829189 - engine-setup httpd ssl configuration conflicts with Red Hat Insights\n1829656 - Failed to register 4.3 host to 4.4 engine with 4.3 cluster (4.4.0-0.33.master.el8ev)\n1829830 - vhost custom properties does not accept \u0027-\u0027\n1832161 - rhv-log-collector-analyzer fails with UnicodeDecodeError on RHEL8\n1834523 - Edit VM -\u003e Enable Smartcard sharing does not stick when VM is running\n1838493 - Live snapshot made with freeze in the engine will cause the FS to be frozen\n1841495 - Upgrade openstack-java-sdk to 3.2.9\n1842495 - high cpu usage after entering wrong search pattern in RHVM\n1844270 - [vGPU] nodisplay option for mdev broken since mdev scheduling unit\n1844855 - Missing images (favicon.ico, banner logo) and missing brand.css file on VM portal d/s installation\n1845473 - Exporting an OVA file from a VM results in its ovf file having a format of RAW when the disk is COW\n1847420 - CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing\n1850004 - CVE-2020-11023 jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1853444 - [CodeChange][i18n] oVirt 4.4 rhv branding - translation update (July-2020)\n1854563 - [4.4 downstream only][RFE] Include a link to grafana on front page\n\n6. 
Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-1.4.5-1.el8ar.src.rpm\nansible-runner-service-1.0.2-1.el8ev.src.rpm\napache-commons-collections4-4.4-1.el8ev.src.rpm\napache-commons-compress-1.18-1.el8ev.src.rpm\napache-commons-configuration-1.10-1.el8ev.src.rpm\napache-commons-jexl-2.1.1-1.el8ev.src.rpm\napache-commons-jxpath-1.3-29.el8ev.src.rpm\napache-commons-vfs-2.4.1-1.el8ev.src.rpm\napache-sshd-2.5.1-1.el8ev.src.rpm\nebay-cors-filter-1.0.1-4.el8ev.src.rpm\ned25519-java-0.3.0-1.el8ev.src.rpm\nengine-db-query-1.6.1-1.el8ev.src.rpm\njava-client-kubevirt-0.5.0-1.el8ev.src.rpm\nlog4j12-1.2.17-22.el8ev.src.rpm\nm2crypto-0.35.2-5.el8ev.src.rpm\nmakeself-2.4.0-4.el8ev.src.rpm\nnovnc-1.1.0-1.el8ost.src.rpm\nopenstack-java-sdk-3.2.9-1.el8ev.src.rpm\novirt-cockpit-sso-0.1.4-1.el8ev.src.rpm\novirt-engine-4.4.1.8-0.7.el8ev.src.rpm\novirt-engine-api-explorer-0.0.6-1.el8ev.src.rpm\novirt-engine-dwh-4.4.1.2-1.el8ev.src.rpm\novirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.src.rpm\novirt-engine-extension-aaa-misc-1.1.0-1.el8ev.src.rpm\novirt-engine-extension-logger-log4j-1.1.0-1.el8ev.src.rpm\novirt-engine-extensions-api-1.0.1-1.el8ev.src.rpm\novirt-engine-metrics-1.4.1.1-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.2.2-1.el8ev.src.rpm\novirt-fast-forward-upgrade-1.1.6-0.el8ev.src.rpm\novirt-log-collector-4.4.2-1.el8ev.src.rpm\novirt-scheduler-proxy-0.1.9-1.el8ev.src.rpm\novirt-web-ui-1.6.3-1.el8ev.src.rpm\npython-aniso8601-0.82-4.el8ost.src.rpm\npython-flask-1.0.2-2.el8ost.src.rpm\npython-flask-restful-0.3.6-8.el8ost.src.rpm\npython-netaddr-0.7.19-8.1.el8ost.src.rpm\npython-notario-0.0.16-2.el8cp.src.rpm\npython-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.src.rpm\npython-pbr-5.1.2-2.el8ost.src.rpm\npython-six-1.12.0-1.el8ost.src.rpm\npython-websocket-client-0.54.0-1.el8ost.src.rpm\npython-werkzeug-0.16.0-1.el8ost.src.rpm\nrhv-log-collector-analyzer-1.0.2-1.el8ev.src.rpm
\nrhvm-branding-rhv-4.4.4-1.el8ev.src.rpm\nrhvm-dependencies-4.4.0-1.el8ev.src.rpm\nrhvm-setup-plugins-4.4.2-1.el8ev.src.rpm\nsnmp4j-2.4.1-1.el8ev.src.rpm\nunboundid-ldapsdk-4.0.14-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.5.4-1.el8ev.src.rpm\nws-commons-util-1.0.2-1.el8ev.src.rpm\nxmlrpc-3.1.3-1.el8ev.src.rpm\n\nnoarch:\nansible-runner-1.4.5-1.el8ar.noarch.rpm\nansible-runner-service-1.0.2-1.el8ev.noarch.rpm\napache-commons-collections4-4.4-1.el8ev.noarch.rpm\napache-commons-collections4-javadoc-4.4-1.el8ev.noarch.rpm\napache-commons-compress-1.18-1.el8ev.noarch.rpm\napache-commons-compress-javadoc-1.18-1.el8ev.noarch.rpm\napache-commons-configuration-1.10-1.el8ev.noarch.rpm\napache-commons-jexl-2.1.1-1.el8ev.noarch.rpm\napache-commons-jexl-javadoc-2.1.1-1.el8ev.noarch.rpm\napache-commons-jxpath-1.3-29.el8ev.noarch.rpm\napache-commons-jxpath-javadoc-1.3-29.el8ev.noarch.rpm\napache-commons-vfs-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-ant-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-examples-2.4.1-1.el8ev.noarch.rpm\napache-commons-vfs-javadoc-2.4.1-1.el8ev.noarch.rpm\napache-sshd-2.5.1-1.el8ev.noarch.rpm\napache-sshd-javadoc-2.5.1-1.el8ev.noarch.rpm\nebay-cors-filter-1.0.1-4.el8ev.noarch.rpm\ned25519-java-0.3.0-1.el8ev.noarch.rpm\ned25519-java-javadoc-0.3.0-1.el8ev.noarch.rpm\nengine-db-query-1.6.1-1.el8ev.noarch.rpm\njava-client-kubevirt-0.5.0-1.el8ev.noarch.rpm\nlog4j12-1.2.17-22.el8ev.noarch.rpm\nlog4j12-javadoc-1.2.17-22.el8ev.noarch.rpm\nmakeself-2.4.0-4.el8ev.noarch.rpm\nnovnc-1.1.0-1.el8ost.noarch.rpm\nopenstack-java-ceilometer-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-ceilometer-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-cinder-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-cinder-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-glance-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-glance-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-heat-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-heat-model-3.2.
9-1.el8ev.noarch.rpm\nopenstack-java-javadoc-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-keystone-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-keystone-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-nova-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-nova-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-quantum-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-quantum-model-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-resteasy-connector-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-swift-client-3.2.9-1.el8ev.noarch.rpm\nopenstack-java-swift-model-3.2.9-1.el8ev.noarch.rpm\novirt-cockpit-sso-0.1.4-1.el8ev.noarch.rpm\novirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-api-explorer-0.0.6-1.el8ev.noarch.rpm\novirt-engine-backend-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-dbscripts-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-dwh-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.4.1.2-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-jdbc-1.2.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.0-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-misc-1.1.0-1.el8ev.noarch.rpm\novirt-engine-extension-logger-log4j-1.1.0-1.el8ev.noarch.rpm\novirt-engine-extensions-api-1.0.1-1.el8ev.noarch.rpm\novirt-engine-extensions-api-javadoc-1.0.1-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-metrics-1.4.1.1-1.el8ev.noarch.rpm\novirt-engine-restapi-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-base-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.1.8-0.7.el8e
v.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-tools-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-tools-backup-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.2.2-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.4.1.8-0.7.el8ev.noarch.rpm\novirt-fast-forward-upgrade-1.1.6-0.el8ev.noarch.rpm\novirt-log-collector-4.4.2-1.el8ev.noarch.rpm\novirt-scheduler-proxy-0.1.9-1.el8ev.noarch.rpm\novirt-web-ui-1.6.3-1.el8ev.noarch.rpm\npython-flask-doc-1.0.2-2.el8ost.noarch.rpm\npython2-netaddr-0.7.19-8.1.el8ost.noarch.rpm\npython2-pbr-5.1.2-2.el8ost.noarch.rpm\npython2-six-1.12.0-1.el8ost.noarch.rpm\npython3-aniso8601-0.82-4.el8ost.noarch.rpm\npython3-ansible-runner-1.4.5-1.el8ar.noarch.rpm\npython3-flask-1.0.2-2.el8ost.noarch.rpm\npython3-flask-restful-0.3.6-8.el8ost.noarch.rpm\npython3-netaddr-0.7.19-8.1.el8ost.noarch.rpm\npython3-notario-0.0.16-2.el8cp.noarch.rpm\npython3-ovirt-engine-lib-4.4.1.8-0.7.el8ev.noarch.rpm\npython3-ovsdbapp-0.17.1-0.20191216120142.206cf14.el8ost.noarch.rpm\npython3-pbr-5.1.2-2.el8ost.noarch.rpm\npython3-six-1.12.0-1.el8ost.noarch.rpm\npython3-websocket-client-0.54.0-1.el8ost.noarch.rpm\npython3-werkzeug-0.16.0-1.el8ost.noarch.rpm\npython3-werkzeug-doc-0.16.0-1.el8ost.noarch.rpm\nrhv-log-collector-analyzer-1.0.2-1.el8ev.noarch.rpm\nrhvm-4.4.1.8-0.7.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.4-1.el8ev.noarch.rpm\nrhvm-dependencies-4.4.0-1.el8ev.noarch.rpm\nrhvm-setup-plugins-4.4.2-1.el8ev.noarch.rpm\nsnmp4j-2.4.1-1.el8ev.noarch.rpm\nsnmp4j-javadoc-2.4.1-1.el8ev.noarch.rpm\nunboundid-ldapsdk-4.0.14-1.el8ev.noarch.rpm\nunboundid-ldapsdk-javadoc-4.0.14-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.5.4-1.el8ev.noarch.rpm\nws-commons-util-1.0.2-1.el8ev.noarch.rpm\nws-commons-util-javadoc-1.0.2-1.el8ev.noarch.rpm\nxmlrpc-client-3.1.3-1.el8ev.noarch.rpm\nxmlrpc-common-3.1.3-1.el8ev
.noarch.rpm\nxmlrpc-javadoc-3.1.3-1.el8ev.noarch.rpm\nxmlrpc-server-3.1.3-1.el8ev.noarch.rpm\n\nx86_64:\nm2crypto-debugsource-0.35.2-5.el8ev.x86_64.rpm\npython3-m2crypto-0.35.2-5.el8ev.x86_64.rpm\npython3-m2crypto-debuginfo-0.35.2-5.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-18635\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-10086\nhttps://access.redhat.com/security/cve/CVE-2019-13990\nhttps://access.redhat.com/security/cve/CVE-2019-17195\nhttps://access.redhat.com/security/cve/CVE-2019-19336\nhttps://access.redhat.com/security/cve/CVE-2020-7598\nhttps://access.redhat.com/security/cve/CVE-2020-10775\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXylir9zjgjWX9erEAQii/A//bJm3u0+ul+LdQwttSJJ79OdVqcp3FktP\ntdPj8AFbB6F9KkuX9FAQja0/2pgZAldB3Eyz57GYTxyDD1qeMqYSayGHCH01GWAn\nu8uF90lcSz6YvgEPDh1mWhLYQMfdWT6IUuKOEHldt8TyHbc7dX3xCbsLDzNCxGbl\nQuPSFPQBJaAXETSw42NGzdUzaM9zoQ0Mngj+Owcgw53YyBy3BSLAb5bKuijvkcLy\nSVCAxxiQ89E+cnETKYIv4dOfqXGA5wLg68hDmUQyFcXHA9nQbJM9Q0s1fbZ2Wav1\noGGTqJDTgVElxrHB5pYJ6pu484ZgJealkBCrHA2OBsMJUadwitVvQLXFZF5OyN0N\nf/vtZ1ua4mZADa61qfnlmVRiyISwmPPWIOImA3TIE5Q8Yl5ucCqtDjQPoJAbXsUl\nY22Bb5x7JyrN0nyOgwh6BGGK51CmOaP+xNuWD7osI24pnzdmPTZuJrZLePxgPgac\nWWQNznzvokknva2ofvujAm+DEl+W7W3A8Vs9wkmUWYlaVC7GFLEkcvQjjHahZ7kh\ndVJNoh70vpA+aJCMQHYK6MGtCSAWoqXkRTsHb3Stfm2vLLz6GYxY5OuvB7Z0ME1N\nzCiFjBla5+3nKx5ab8Pola56T1wRULHL6zYN9GTsOzxjdJsKHXBVeV8OYcnoHiza\n2TrKn2dtZwI=\n=92Q3\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-17195" }, { "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-149417" }, { "db": "VULMON", "id": "CVE-2019-17195" }, { "db": "PACKETSTORM", "id": "157073" }, { "db": "PACKETSTORM", "id": "158750" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-17195", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "158750", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-010680", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "157073", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042539", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042519", "trust": 0.6 }, { "db": "CS-HELP", "id": 
"SB2021072766", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072128", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072145", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1519", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2694", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1427", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1193", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201910-914", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-149417", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-17195", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-149417" }, { "db": "VULMON", "id": "CVE-2019-17195" }, { "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "db": "PACKETSTORM", "id": "157073" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "NVD", "id": "CVE-2019-17195" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201910-914" } ] }, "id": "VAR-201910-1730", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-149417" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:12:02.963000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SECURITY-CHANGELOG", "trust": 0.8, "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/security-changelog.txt" }, { "title": "Nimbus JOSE+JWT 7.9 fixes an unchecked exception vulnerability", "trust": 0.8, "url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9" }, { "title": "Connect2id Nimbus JOSE+JWT Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100510" }, { "title": "Red Hat: Low: Red Hat Virtualization Engine security, bug fix 4.3.9", 
"trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201308 - security advisory" }, { "title": "Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203247 - security advisory" }, { "title": "IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22fc4d0a2671b6a2b6b740928ccb3e85" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-124" }, { "title": "weblogic2021", "trust": 0.1, "url": "https://github.com/somatrasss/weblogic2021 " }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "", "trust": 0.1, "url": "https://github.com/cvedb/poc-list " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": "https://github.com/developer3000s/poc-in-github " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-17195" }, { "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "db": "CNNVD", "id": "CNNVD-201910-914" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-755", "trust": 1.1 }, { "problemtype": "CWE-754", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-149417" }, { "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "db": "NVD", "id": "CVE-2019-17195" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/security-changelog.txt" }, { "trust": 1.8, "url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17195" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3ccommon-dev.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3cdev.avro.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3cdev.avro.apache.org%3e" }, { 
"trust": 0.8, "url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3cdev.avro.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3cdev.avro.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3ccommits.druid.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3ccommits.druid.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3ccommits.druid.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3ccommon-dev.hadoop.apache.org%3e" }, { "trust": 0.8, "url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17195" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/connect2id-nimbus-jose-jwt-privilege-escalation-via-jwt-parsing-31843" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.1427/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-3/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072766" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072145" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042539" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072128" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1519" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2694/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042519" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1193/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157073/red-hat-security-advisory-2020-1308-01.html" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-3/" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:1308" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17195" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/755.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/somatrasss/weblogic2021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7598" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8331" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10775" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html-single/technical_notes" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-18635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7598" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3247" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19336" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18635" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19336" } ], "sources": [ { "db": "VULHUB", "id": "VHN-149417" }, { "db": "VULMON", "id": "CVE-2019-17195" }, { "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "db": "PACKETSTORM", "id": "157073" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "NVD", "id": "CVE-2019-17195" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201910-914" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-149417" }, { "db": "VULMON", "id": "CVE-2019-17195" }, { "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "db": "PACKETSTORM", "id": "157073" }, { "db": "PACKETSTORM", "id": "158750" }, { "db": "NVD", "id": "CVE-2019-17195" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201910-914" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-15T00:00:00", "db": "VULHUB", "id": "VHN-149417" }, { "date": "2019-10-15T00:00:00", "db": "VULMON", "id": "CVE-2019-17195" }, { "date": "2019-10-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-010680" }, { 
"date": "2020-04-03T02:50:51", "db": "PACKETSTORM", "id": "157073" }, { "date": "2020-08-04T14:26:33", "db": "PACKETSTORM", "id": "158750" }, { "date": "2019-10-15T14:15:12.380000", "db": "NVD", "id": "CVE-2019-17195" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2019-10-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-914" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-18T00:00:00", "db": "VULHUB", "id": "VHN-149417" }, { "date": "2022-06-07T00:00:00", "db": "VULMON", "id": "CVE-2019-17195" }, { "date": "2019-10-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-010680" }, { "date": "2023-11-07T03:06:11.280000", "db": "NVD", "id": "CVE-2019-17195" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201910-914" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201910-914" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Connect2id Nimbus JOSE+JWT Vulnerabilities related to exceptional state checking", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-010680" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 
class="card-title"><a href="/vuln/var-202004-2199">var-202004-2199</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing &lt;option&gt; elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code. Summary:</p> <p>An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. 8) - aarch64, noarch, ppc64le, s390x, x86_64</p> <ol> <li>Description:</li> </ol> <p>The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. </p> <p>Additional Changes:</p> <p>For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 
Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1376706 - restore SerialNumber tag in caManualRenewal xml 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1406505 - KRA ECC installation failed with shared tomcat 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1666907 - CC: Enable AIA OCSP cert checking for entire cert chain 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page 1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page 1721684 - Rebase pki-servlet-engine to 9.0.30 1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 
1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page 1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp 1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server 1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI 1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak 1824939 - JSS: add RSA PSS support - RHEL 8.3 1824948 - add RSA PSS support - RHEL 8.3 1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-8] 1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8] 1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password 1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired="true" but no secret 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException 1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing 1855273 - CVE-2020-15720 pki: Dogtag's python client does not validate certificates 1855319 - Not able to launch pkiconsole 1856368 - kra-key-generate request is failing 1857933 - CA Installation is failing with ncipher v12.30 HSM 1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request 1869893 - Common certificates are missing in CS.cfg on shared PKI instance 1871064 - replica install failing during pki-ca component configuration 1873235 - pki ca-user-cert-add with secure port failed with 
'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT'</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update Advisory ID: RHSA-2022:6393-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:6393 Issue date: 2022-09-08 CVE Names: CVE-2020-11022 CVE-2020-11023 CVE-2021-22096 CVE-2021-23358 CVE-2022-2806 CVE-2022-31129 ==================================================================== 1. Summary:</p> <p>Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch</p> <ol> <li>Description:</li> </ol> <p>The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)</p> </li> <li> <p>moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)</p> </li> <li> <p>jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)</p> </li> <li> <p>jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)</p> </li> <li> <p>ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)</p> </li> <li> <p>springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <p>Bug Fix(es):</p> <ul> <li> <p>Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)</p> </li> <li> <p>Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)</p> </li> <li> <p>With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)</p> </li> <li> <p>With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)</p> </li> <li> <p>RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)</p> </li> <li> <p>Previously, importing templates from the Administration Portal did not work. 
With this release, importing templates from the Administration Portal is possible. (BZ#2109923)</p> </li> <li> <p>ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administrators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and the ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)</p> </li> <li> <p>Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)</p> </li> <li> <p>Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)</p> </li> <li> <p>Rebase package(s) to version: 4.4.7. Highlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)</p> </li> <li> <p>In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)</p> </li> <li> <p>UnboundID LDAP SDK has been rebased on upstream version 6.0.4. 
See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)</p> </li> <li> <p>Solution:</p> </li> </ul> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/2974891</p> <ol> <li> <p>1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function 1955388 - Auto Pinning Policy only pins some of the vCPUs on a single NUMA host 1974974 - Not possible to determine migration policy from the API, even though documentation reports that it can be done. 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2080005 - CVE-2022-2806 ovirt-log-collector: RHVM admin password is logged unfiltered 2092478 - Upgrade unboundid-ldapsdk to 6.0.4 2094577 - rhv-image-discrepancies must ignore small disks created by OCP 2097536 - [RFE] Add disk name and uuid to problems output 2097558 - Renew ovirt-provider-ovn.cer certificates during engine-setup 2097560 - Warning when ovsdb-server certificates are about to expire(OVN certificate) 2097725 - Certificate Warn period and automatic renewal via engine-setup do not match 2104115 - RHV 4.5 cannot import VMs with cpu pinning 2104831 - Upgrade ovirt-log-collector to 4.4.7 2104939 - Export OVA when using host with port other than 22 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2107250 - Upgrade of the host failed as the RHV 4.3 hypervisor is based on RHEL 7 with openssl 1.0.z, but RHV Manager 4.4 uses the openssl 1.1.z syntax 2107267 - ovirt-log-collector doesn't generate database dump 2108985 - RHV 4.4 SP1 EUS requires RHEL 8.6 EUS (RHEL 8.7+ releases are not supported on RHV 4.4 SP1 EUS) 2109923 - Error when importing templates in Admin portal</p> </li> <li> <p>Package List:</p> </li> </ol> <p>RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:</p> <p>Source: 
ovirt-engine-4.5.2.4-0.1.el8ev.src.rpm ovirt-engine-dwh-4.5.4-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.5-1.el8ev.src.rpm ovirt-log-collector-4.4.7-2.el8ev.src.rpm ovirt-web-ui-1.9.1-1.el8ev.src.rpm rhv-log-collector-analyzer-1.0.15-1.el8ev.src.rpm unboundid-ldapsdk-6.0.4-1.el8ev.src.rpm vdsm-jsonrpc-java-1.7.2-1.el8ev.src.rpm</p> <p>noarch: ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-backend-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-dwh-4.5.4-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.4-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.4-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.6-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-restapi-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-tools-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.5-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm ovirt-log-collector-4.4.7-2.el8ev.noarch.rpm ovirt-web-ui-1.9.1-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.2.4-0.1.el8ev.noarch.rpm rhv-log-collector-analyzer-1.0.15-1.el8ev.noarch.rpm 
rhvm-4.5.2.4-0.1.el8ev.noarch.rpm unboundid-ldapsdk-6.0.4-1.el8ev.noarch.rpm unboundid-ldapsdk-javadoc-6.0.4-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.7.2-1.el8ev.noarch.rpm vdsm-jsonrpc-java-javadoc-1.7.2-1.el8ev.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2021-22096 https://access.redhat.com/security/cve/CVE-2021-23358 https://access.redhat.com/security/cve/CVE-2022-2806 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYxnqRtzjgjWX9erEAQiQOw//XOS172gkbNeuoMSW1IYiEpJG4zQIvT2J VvyizOMlQzpe49Bkopu1zj/e8yM1eXNIg1elPzA3280z7ruNb4fkeoXT7vM5mB/0 jRAr1ja9ZHnZmEW60X3WVhEBjEXCeOv5CWBgqzdQWSB7RpPqfMP7/4kHGFnCPZxu V/n+Z9YKoDxeiW19tuTdU5E5cFySVV8JZAlfXlrR1dz815Ugsm2AMk6uPwjQ2+C7 Uz3zLQLjRjxFk+qSph8NYbOZGnUkypWQG5KXPMyk/Cg3jewjMkjAhzgcTJAdolRC q3p9kD5KdWRe+3xzjy6B4IsSSqvEyHphwrRv8wgk0vIAawfgi76+jL7n/C07rdpA Qg6zlDxmHDrZPC42dsW6dXJ1QefRQE5EzFFJcoycqvWdlRfXX6D1RZc5knSQb2iI 3iSh+hVwxY9pzNZVMlwtDHhw8dqvgw7JimToy8vOldgK0MdndwtVmKsKsRzu7HyL PQSvcN5lSv1X5FR2tnx9LMQXX1qn0P1d/8gTiRFm8Oabjx2r8I0/HNgnJpTSVSBO DXjKFDmwpiT+6tupM39ZbWek2hh+PoyMZJb/d6/YTND6VNlzUypq+DFtLILEaM8Z OjWz0YAL8/ihvhq0vSdFSMFcYKSWAOXA+6pSqe7N7WtB9hl0r7sLUaRSRHti1Ime uF/GLDTKkPw=8zTJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 
Description:</p> <p>Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description:</p> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution:</p> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 
3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001</p> <p>7</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202004-2199" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202004-2199"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202004-2199">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": 
{ "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2199", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications eagle application processor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.1.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.10.0" }, { "model": "healthcare translational research", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.3.1" }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "health sciences inform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "max data", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "storagetek tape analytics sw tool", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.3.1" }, { "model": "rest data services", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.2" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"8.2.1" }, { "model": "oncommand system manager", "scope": "lte", "trust": 1.0, "vendor": "netapp", "version": "3.1.3" }, { "model": "communications operations monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.1" }, { "model": "rest data services", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18c" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "drupal", "scope": "lt", "trust": 1.0, "vendor": "drupal", "version": "8.8.6" }, { "model": "rest data services", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19c" }, { "model": "financial services regulatory reporting for de nederlandsche bank", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.4" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "oss support tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "2.12.41" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications interactive session recorder", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "6.4" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.7" }, { "model": "webcenter sites", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "drupal", "scope": "lt", "trust": 1.0, "vendor": "drupal", "version": "7.70" }, { "model": "jquery", "scope": "lt", "trust": 1.0, "vendor": "jquery", "version": "3.5.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "rest data services", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0.4" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.9" }, { "model": "weblogic server", "scope": 
"eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.4" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "communications eagle application processor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.4.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "h410s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "drupal", "scope": "gte", "trust": 1.0, "vendor": "drupal", "version": "7.0" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.2.11" }, { "model": "drupal", "scope": "gte", "trust": 1.0, "vendor": "drupal", "version": "8.8.0" }, { "model": "banking enterprise collections", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.8.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "healthcare translational research", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.3.2" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "log correlation engine", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "6.0.9" }, { "model": "h700e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "h500e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services 
revenue management and billing analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "h300e", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "rest data services", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "peoplesoft enterprise human capital management resources", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "communications analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1" }, { "model": "h300s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "snapcenter server", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications operations monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "banking enterprise collections", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "drupal", "scope": "gte", "trust": 1.0, "vendor": "drupal", "version": "8.7.0" }, { "model": "h500s", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "h410c", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "financial services revenue management and billing analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.8" }, { "model": "h700s", "scope": "eq", "trust": 
1.0, "vendor": "netapp", "version": null }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "drupal", "scope": "lt", "trust": 1.0, "vendor": "drupal", "version": "8.7.14" }, { "model": "communications interactive session recorder", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "6.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "business intelligence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.9.0.0.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.0" }, { "model": "healthcare translational research", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4.0" }, { "model": "communications operations monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.3" }, { "model": "storagetek acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.5.1" }, { "model": "oncommand system manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "3.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "siebel mobile", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "healthcare translational research", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.1" }, { "model": "webcenter sites", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jquery", "scope": "gte", "trust": 1.0, "vendor": "jquery", "version": "1.0.3" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "13.3.0.1" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "application express", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "20.2" }, { "model": "hitachi ops center common services", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jquery", "scope": null, "trust": 0.8, "vendor": "jquery", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "db": "NVD", "id": "CVE-2020-11023" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.0", "versionStartIncluding": "1.0.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.70", "versionStartIncluding": "7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.7.14", "versionStartIncluding": "8.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", 
"cpe_name": [], "versionEndExcluding": "8.8.6", "versionStartIncluding": "8.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.4", "versionStartIncluding": "6.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.2.11", "versionStartIncluding": "16.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.7", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.8.0", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.10.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.4", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.9", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.3", "versionStartIncluding": "4.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.41", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], 
"operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.9", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11023" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "168304" }, { "db": "PACKETSTORM", "id": "171213" }, { "db": "PACKETSTORM", "id": "171212" }, { "db": "PACKETSTORM", "id": "170821" }, { "db": "PACKETSTORM", "id": "170817" }, { "db": "CNNVD", "id": "CNNVD-202004-2420" } ], "trust": 1.2 }, "cve": "CVE-2020-11023", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-11023", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-163560", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": 
"REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "security-advisories@github.com", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 4.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2020-11023", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11023", "trust": 1.8, "value": "MEDIUM" }, { "author": "security-advisories@github.com", "id": "CVE-2020-11023", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202004-2420", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-163560", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163560" }, { "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "db": "CNNVD", "id": "CNNVD-202004-2420" }, { "db": "NVD", "id": "CVE-2020-11023" }, { "db": "NVD", "id": "CVE-2020-11023" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of 
jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code. Summary:\n\nAn update for the pki-core:10.6 and pki-deps:10.6 modules is now available\nfor Red Hat Enterprise Linux 8. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.3 Release Notes linked from the References section. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1376706 - restore SerialNumber tag in caManualRenewal xml\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1406505 - KRA ECC installation failed with shared tomcat\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1666907 - CC: Enable AIA OCSP cert checking for entire cert chain\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page\n1710171 - CVE-2019-10146 pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page\n1721684 - Rebase pki-servlet-engine to 9.0.30\n1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 
\n1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page\n1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp\n1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server\n1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI\n1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak\n1824939 - JSS: add RSA PSS support - RHEL 8.3\n1824948 - add RSA PSS support - RHEL 8.3\n1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab [rhel-8]\n1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in \u0027path length\u0027 constraint field in CA\u0027s Agent page [rhel-8]\n1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password\n1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired=\"true\" but no secret\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException\n1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing\n1855273 - CVE-2020-15720 pki: Dogtag\u0027s python client does not validate certificates\n1855319 - Not able to launch pkiconsole\n1856368 - kra-key-generate request is failing\n1857933 - CA Installation is failing with ncipher v12.30 HSM\n1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request\n1869893 - Common certificates are missing in CS.cfg on shared PKI instance\n1871064 - replica install failing during pki-ca component configuration\n1873235 - pki 
ca-user-cert-add with secure port failed with \u0027SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT\u0027\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update\nAdvisory ID: RHSA-2022:6393-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6393\nIssue date: 2022-09-08\nCVE Names: CVE-2020-11022 CVE-2020-11023 CVE-2021-22096\n CVE-2021-23358 CVE-2022-2806 CVE-2022-31129\n====================================================================\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. 
\n\nSecurity Fix(es):\n\n* nodejs-underscore: Arbitrary code execution via the template function\n(CVE-2021-23358)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* ovirt-log-collector: RHVM admin password is logged unfiltered\n(CVE-2022-2806)\n\n* springframework: malicious input leads to insertion of additional log\nentries (CVE-2021-22096)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Previously, running engine-setup did not always renew OVN certificates\nclose to expiration or expired. With this release, OVN certificates are\nalways renewed by engine-setup when needed. (BZ#2097558)\n\n* Previously, the Manager issued warnings of approaching certificate\nexpiration before engine-setup could update certificates. In this release\nexpiration warnings and certificate update periods are aligned, and\ncertificates are updated as soon as expiration warnings occur. (BZ#2097725)\n\n* With this release, OVA export or import work on hosts with a non-standard\nSSH port. (BZ#2104939)\n\n* With this release, the certificate validity test is compatible with RHEL\n8 and RHEL 7 based hypervisors. (BZ#2107250)\n\n* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot\nuse RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)\n\n* Previously, importing templates from the Administration Portal did not\nwork. With this release, importing templates from the Administration Portal\nis possible. (BZ#2109923)\n\n* ovirt-provider-ovn certificate expiration is checked along with other RHV\ncertificates. 
If ovirt-provider-ovn is about to expire or already expired,\na warning or alert is raised in the audit log. To renew the\novirt-provider-ovn certificate, administators must run engine-setup. If\nyour ovirt-provider-ovn certificate expires on a previous RHV version,\nupgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate\nwill be renewed automatically in the engine-setup. (BZ#2097560)\n\n* Previously, when importing a virtual machine with manual CPU pinning, the\nmanual pinning string was cleared, but the CPU pinning policy was not set\nto NONE. As a result, importing failed. In this release, the CPU pinning\npolicy is set to NONE if the CPU pinning string is cleared, and importing\nsucceeds. (BZ#2104115)\n\n* Previously, the Manager could start a virtual machine with a Resize and\nPin NUMA policy on a host without an equal number of physical sockets to\nNUMA nodes. As a result, wrong pinning was assigned to the policy. With\nthis release, the Manager does not allow the virtual machine to be\nscheduled on such a virtual machine, and the pinning is correct based on\nthe algorithm. (BZ#1955388)\n\n* Rebase package(s) to version: 4.4.7. \nHighlights, important fixes, or notable enhancements: fixed BZ#2081676\n(BZ#2104831)\n\n* In this release, rhv-log-collector-analyzer provides detailed output for\neach problematic image, including disk names, associated virtual machine,\nthe host running the virtual machine, snapshots, and current SPM. The\ndetailed view is now the default. The compact option can be set by using\nthe --compact switch in the command line. (BZ#2097536)\n\n* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See\nhttps://github.com/pingidentity/ldapsdk/releases for changes since version\n4.0.14 (BZ#2092478)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. 
\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n1955388 - Auto Pinning Policy only pins some of the vCPUs on a single NUMA host\n1974974 - Not possible to determine migration policy from the API, even though documentation reports that it can be done. \n2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries\n2080005 - CVE-2022-2806 ovirt-log-collector: RHVM admin password is logged unfiltered\n2092478 - Upgrade unboundid-ldapsdk to 6.0.4\n2094577 - rhv-image-discrepancies must ignore small disks created by OCP\n2097536 - [RFE] Add disk name and uuid to problems output\n2097558 - Renew ovirt-provider-ovn.cer certificates during engine-setup\n2097560 - Warning when ovsdb-server certificates are about to expire(OVN certificate)\n2097725 - Certificate Warn period and automatic renewal via engine-setup do not match\n2104115 - RHV 4.5 cannot import VMs with cpu pinning\n2104831 - Upgrade ovirt-log-collector to 4.4.7\n2104939 - Export OVA when using host with port other than 22\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2107250 - Upgrade of the host failed as the RHV 4.3 hypervisor is based on RHEL 7 with openssl 1.0.z, but RHV Manager 4.4 uses the openssl 1.1.z syntax\n2107267 - ovirt-log-collector doesn\u0027t generate database dump\n2108985 - RHV 4.4 SP1 EUS requires RHEL 8.6 EUS (RHEL 8.7+ releases are not supported on RHV 4.4 SP1 EUS)\n2109923 - Error when importing templates in Admin portal\n\n6. 
Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\novirt-engine-4.5.2.4-0.1.el8ev.src.rpm\novirt-engine-dwh-4.5.4-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.3.5-1.el8ev.src.rpm\novirt-log-collector-4.4.7-2.el8ev.src.rpm\novirt-web-ui-1.9.1-1.el8ev.src.rpm\nrhv-log-collector-analyzer-1.0.15-1.el8ev.src.rpm\nunboundid-ldapsdk-6.0.4-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.7.2-1.el8ev.src.rpm\n\nnoarch:\novirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-backend-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-dbscripts-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-dwh-4.5.4-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.5.4-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.5.4-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.6-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.6-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-restapi-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-base-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-tools-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-tools-backup-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.3.5-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.5.2.4-0.1.el8ev.noarch.rpm\novirt-log-collector-4.4.7-2.el8ev.noarch.rpm\novirt-web-ui-1.9.1-1.el8ev.noarch.rpm\npython3
-ovirt-engine-lib-4.5.2.4-0.1.el8ev.noarch.rpm\nrhv-log-collector-analyzer-1.0.15-1.el8ev.noarch.rpm\nrhvm-4.5.2.4-0.1.el8ev.noarch.rpm\nunboundid-ldapsdk-6.0.4-1.el8ev.noarch.rpm\nunboundid-ldapsdk-javadoc-6.0.4-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.7.2-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-javadoc-1.7.2-1.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/cve/CVE-2021-22096\nhttps://access.redhat.com/security/cve/CVE-2021-23358\nhttps://access.redhat.com/security/cve/CVE-2022-2806\nhttps://access.redhat.com/security/cve/CVE-2022-31129\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxnqRtzjgjWX9erEAQiQOw//XOS172gkbNeuoMSW1IYiEpJG4zQIvT2J\nVvyizOMlQzpe49Bkopu1zj/e8yM1eXNIg1elPzA3280z7ruNb4fkeoXT7vM5mB/0\njRAr1ja9ZHnZmEW60X3WVhEBjEXCeOv5CWBgqzdQWSB7RpPqfMP7/4kHGFnCPZxu\nV/n+Z9YKoDxeiW19tuTdU5E5cFySVV8JZAlfXlrR1dz815Ugsm2AMk6uPwjQ2+C7\nUz3zLQLjRjxFk+qSph8NYbOZGnUkypWQG5KXPMyk/Cg3jewjMkjAhzgcTJAdolRC\nq3p9kD5KdWRe+3xzjy6B4IsSSqvEyHphwrRv8wgk0vIAawfgi76+jL7n/C07rdpA\nQg6zlDxmHDrZPC42dsW6dXJ1QefRQE5EzFFJcoycqvWdlRfXX6D1RZc5knSQb2iI\n3iSh+hVwxY9pzNZVMlwtDHhw8dqvgw7JimToy8vOldgK0MdndwtVmKsKsRzu7HyL\nPQSvcN5lSv1X5FR2tnx9LMQXX1qn0P1d/8gTiRFm8Oabjx2r8I0/HNgnJpTSVSBO\nDXjKFDmwpiT+6tupM39ZbWek2hh+PoyMZJb/d6/YTND6VNlzUypq+DFtLILEaM8Z\nOjWz0YAL8/ihvhq0vSdFSMFcYKSWAOXA+6pSqe7N7WtB9hl0r7sLUaRSRHti1Ime\nuF/GLDTKkPw=8zTJ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2020-11023" }, { "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "db": "VULHUB", 
"id": "VHN-163560" }, { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "168304" }, { "db": "PACKETSTORM", "id": "171213" }, { "db": "PACKETSTORM", "id": "171212" }, { "db": "PACKETSTORM", "id": "170821" }, { "db": "PACKETSTORM", "id": "170817" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11023", "trust": 3.9 }, { "db": "PACKETSTORM", "id": "162160", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2021-02", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2021-10", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "159852", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "170821", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "168304", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99394498", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94912830", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-21-306-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005056", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "170823", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162651", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "160274", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159275", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161727", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161830", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158797", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "160548", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164887", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158750", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159513", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158555", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202004-2420", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2694", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0620", "trust": 0.6 }, { "db": "AUSCERT", 
"id": "ESB-2021.0845", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3823", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4248", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2714", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.1351", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2775", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1066", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1916", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3485", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3663", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0909", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1961", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.0583", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.1653", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.0585", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1863", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1519", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0824", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2375", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3255", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0923", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1703", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5150", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2525", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1804", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3875", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2660", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1512", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2660.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4421", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2287", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158406", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158282", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48902", "trust": 0.6 }, 
{ "db": "LENOVO", "id": "LEN-60182", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "49767", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110301", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012403", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022022516", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072824", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052207", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072027", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011837", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042101", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-097-01", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "171213", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "171212", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "170817", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "171214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170819", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163560", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163560" }, { "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "168304" }, { "db": "PACKETSTORM", "id": "171213" }, { "db": "PACKETSTORM", "id": "171212" }, { "db": "PACKETSTORM", "id": "170821" }, { "db": "PACKETSTORM", "id": "170817" }, { "db": "CNNVD", "id": "CNNVD-202004-2420" }, { "db": "NVD", "id": "CVE-2020-11023" } ] }, "id": "VAR-202004-2199", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163560" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:20:16.457000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2020-130 Software 
product security information", "trust": 0.8, "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" }, { "title": "jQuery Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=178501" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "db": "CNNVD", "id": "CNNVD-202004-2420" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.1 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163560" }, { "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "db": "NVD", "id": "CVE-2020-11023" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://packetstormsecurity.com/files/162160/jquery-1.0.3-cross-site-scripting.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 1.7, "url": "https://github.com/jquery/jquery/security/advisories/ghsa-jpcq-cgw6-v4j6" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200511-0006/" }, { "trust": 1.7, "url": "https://www.drupal.org/sa-core-2020-002" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-02" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2021-10" }, { "trust": 1.7, "url": 
"https://www.debian.org/security/2020/dsa-4693" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202007-03" }, { "trust": 1.7, "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released" }, { "trust": 1.7, "url": "https://jquery.com/upgrade-guide/3.5/" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3cdev.felix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3cgitbox.hive.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3cdev.felix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3cdev.felix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3cdev.felix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3cdev.felix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3ccommits.felix.apache.org%3e" }, { "trust": 1.0, 
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3cdev.felix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3cgitbox.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3cgitbox.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3cgitbox.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3ccommits.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3cgitbox.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3cissues.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3ccommits.nifi.apache.org%3e" }, { "trust": 1.0, 
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3cdev.felix.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3cgitbox.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3cdev.hive.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99394498/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94912830/" }, { "trust": 0.8, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/" }, 
{ "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3ccommits.felix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3cdev.felix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3cdev.felix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3cdev.felix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3cdev.felix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3cdev.felix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3cdev.felix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3cdev.felix.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, 
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3ccommits.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3cdev.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3cgitbox.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3cgitbox.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3cgitbox.hive.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3cgitbox.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3cgitbox.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3cgitbox.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3ccommits.nifi.apache.org%3e" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110301" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159513/red-hat-security-advisory-2020-4211-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4248/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011837" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3823" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2287/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158797/red-hat-security-advisory-2020-3369-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161830/red-hat-security-advisory-2021-0860-01.html" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/49767" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162651/red-hat-security-advisory-2021-1846-01.html" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.3875/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6520510" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158555/gentoo-linux-security-advisory-202007-03.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.1653" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2694/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2375/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0845" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2775/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1066" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5150" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168304/red-hat-security-advisory-2022-6393-01.html" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.1804/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160274/red-hat-security-advisory-2020-5249-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0824" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042101" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1961/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1512" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48902" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/product_security/len-60182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022022516" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-in-ibm-security-qradar-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1703" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2714/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/158406/red-hat-security-advisory-2020-2412-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160548/red-hat-security-advisory-2020-5412-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2660.3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1863/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3700/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1916" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1519" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072027" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0909" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052207" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0585" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2525" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2660/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4421/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0620" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.1351" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.0583" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012403" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072824" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/" 
}, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3663" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3255/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164887/red-hat-security-advisory-2021-4142-02.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3485/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-14042" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-14040" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-11358" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.5, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-40150" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-40149" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-45047" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-46364" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-42004" }, { "trust": 0.4, "url": 
"https://access.redhat.com/security/cve/cve-2022-45693" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-42003" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-9251" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-8331" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-10735" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-38750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1471" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-3916" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25857" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-46175" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-44906" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2023-0091" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24785" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-3782" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2764" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-4137" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2022-46363" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2023-0264" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-38751" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1274" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-37603" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-38749" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-35065" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1438" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-40152" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-18214" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2022-3143" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1721" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15720" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10221" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4847" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22096" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6393" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22096" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23358" }, { "trust": 0.1, "url": "https://github.com/pingidentity/ldapsdk/releases" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2237" 
}, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:1049" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2237" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:1043" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:0552" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:0556" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163560" }, { "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "168304" }, { "db": "PACKETSTORM", "id": "171213" }, { "db": "PACKETSTORM", "id": "171212" }, { "db": "PACKETSTORM", "id": "170821" }, { "db": "PACKETSTORM", "id": "170817" }, { "db": "CNNVD", "id": "CNNVD-202004-2420" }, { "db": "NVD", "id": "CVE-2020-11023" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163560" }, { "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "db": "PACKETSTORM", "id": "159852" }, { "db": "PACKETSTORM", "id": "168304" }, { "db": "PACKETSTORM", "id": "171213" }, { "db": "PACKETSTORM", "id": "171212" }, { "db": "PACKETSTORM", "id": "170821" }, { "db": "PACKETSTORM", "id": "170817" }, { "db": "CNNVD", "id": "CNNVD-202004-2420" }, { "db": "NVD", "id": "CVE-2020-11023" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-29T00:00:00", "db": "VULHUB", "id": "VHN-163560" }, { "date": "2020-06-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "date": "2020-11-04T15:29:15", "db": "PACKETSTORM", "id": "159852" }, { "date": "2022-09-08T14:41:25", "db": "PACKETSTORM", "id": "168304" }, { "date": 
"2023-03-02T15:19:28", "db": "PACKETSTORM", "id": "171213" }, { "date": "2023-03-02T15:19:19", "db": "PACKETSTORM", "id": "171212" }, { "date": "2023-01-31T17:21:40", "db": "PACKETSTORM", "id": "170821" }, { "date": "2023-01-31T17:16:43", "db": "PACKETSTORM", "id": "170817" }, { "date": "2020-04-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2420" }, { "date": "2020-04-29T21:15:11.743000", "db": "NVD", "id": "CVE-2020-11023" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-03T00:00:00", "db": "VULHUB", "id": "VHN-163560" }, { "date": "2022-02-16T03:20:00", "db": "JVNDB", "id": "JVNDB-2020-005056" }, { "date": "2023-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-2420" }, { "date": "2023-11-07T03:14:27.553000", "db": "NVD", "id": "CVE-2020-11023" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2420" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "jQuery\u00a0 Cross-site Scripting Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005056" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-2420" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0273">var-200904-0273</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> 
Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. Many security standards require the tracking of users' password history to prevent password re-use. In Oracle 11g (11.1.0.6), if a security administrator has enabled 11g passwords exclusively, then tracking password history is broken. This can affect compliance. This was addressed by Oracle in their April 2009 Critical Patch Update and maps to the currently unspecified vulnerability at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0988 Cheers, David Litchfield NGSSoftware Ltd http://www.ngssoftware.com/</p> <p>-- E-MAIL DISCLAIMER</p> <p>The information contained in this email and any subsequent correspondence is private, is solely for the intended recipient(s) and may contain confidential or privileged information. For those other than the intended recipient(s), any disclosure, copying, distribution, or any other action taken, or omitted to be taken, in reliance on such information is prohibited and may be unlawful. If you are not the intended recipient and have received this message in error, please inform the sender and delete this mail and any attachments. </p> <p>The views expressed in this email do not necessarily reflect NGS policy. 
NGS accepts no liability or responsibility for any onward transmission or use of emails and attachments having left the NGS domain. </p> <p>NGS and NGSSoftware are trading names of Next Generation Security Software Ltd. Registered office address: Manchester Technology Centre, Oxford Road, Manchester, M1 7EF with Company Number 04225835 and VAT Number 783096402 . ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. 
Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0273" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0273"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0273">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0273", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" 
}, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001234" }, { "db": "NVD", "id": "CVE-2009-0988" }, { "db": "CNNVD", "id": "CNNVD-200904-306" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0988" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-306" } ], "trust": 0.6 }, "cve": "CVE-2009-0988", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0988", "impactScore": null, 
"integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0988", "trust": 1.8, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-200904-306", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001234" }, { "db": "NVD", "id": "CVE-2009-0988" }, { "db": "CNNVD", "id": "CNNVD-200904-306" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. Many security standards require the tracking of users\u0027 password history to \nprevent password re-use. In Oracle 11g (11.1.0.6), if a security \nadministrator has enabled 11g passwords exclusively then tracking password \nhistory is broken. This can affect compliance. 
This was addressed by Oracle \nin their April 2009 Critical Patch Update and maps to the currently \nunspecified vulnerability at \nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0988\nCheers,\nDavid Litchfield\nNGSSoftware Ltd\nhttp://www.ngssoftware.com/\n\n--\nE-MAIL DISCLAIMER\n\nThe information contained in this email and any subsequent\ncorrespondence is private, is solely for the intended recipient(s) and\nmay contain confidential or privileged information. For those other than\nthe intended recipient(s), any disclosure, copying, distribution, or any\nother action taken, or omitted to be taken, in reliance on such\ninformation is prohibited and may be unlawful. If you are not the\nintended recipient and have received this message in error, please\ninform the sender and delete this mail and any attachments. \n\nThe views expressed in this email do not necessarily reflect NGS policy. \nNGS accepts no liability or responsibility for any onward transmission\nor use of emails and attachments having left the NGS domain. \n\nNGS and NGSSoftware are trading names of Next Generation Security\nSoftware Ltd. Registered office address: Manchester Technology Centre,\nOxford Road, Manchester, M1 7EF with Company Number 04225835 and\nVAT Number 783096402\n. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. 
Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0988" }, { "db": "JVNDB", "id": "JVNDB-2009-001234" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "80626" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0988", "trust": 2.8 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "OSVDB", "id": "53740", "trust": 2.4 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001234", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-306", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "PACKETSTORM", "id": "80626", "trust": 0.1 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", 
"trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001234" }, { "db": "PACKETSTORM", "id": "80626" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0988" }, { "db": "CNNVD", "id": "CNNVD-200904-306" } ] }, "id": "VAR-200904-0273", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:16:25.560000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001234" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0988" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53740" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.9, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0988" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0988" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://www.ngssoftware.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0988" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": 
"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001234" }, { "db": "PACKETSTORM", "id": "80626" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0988" }, { "db": "CNNVD", "id": "CNNVD-200904-306" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001234" }, { "db": "PACKETSTORM", "id": "80626" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0988" }, { "db": "CNNVD", "id": "CNNVD-200904-306" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001234" }, { "date": "2009-08-26T00:13:44", "db": "PACKETSTORM", "id": "80626" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": 
"PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.593000", "db": "NVD", "id": "CVE-2009-0988" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-306" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001234" }, { "date": "2012-10-23T03:04:26.570000", "db": "NVD", "id": "CVE-2009-0988" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-306" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-306" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Password Policy Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001234" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-306" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201503-0050">var-201503-0050</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p 
class="card-text"><p>The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration 
Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Apache HTTP Server is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to trigger denial-of-service conditions. Versions prior to Apache HTTP Server 2.4.13 are vulnerable. The server is fast, reliable and extensible through a simple API. 
============================================================================ Ubuntu Security Notice USN-2523-1 March 10, 2015</p> <h1>apache2 vulnerabilities</h1> <p>A security issue affects these releases of Ubuntu and its derivatives:</p> <ul> <li>Ubuntu 14.10</li> <li>Ubuntu 14.04 LTS</li> <li>Ubuntu 12.04 LTS</li> <li>Ubuntu 10.04 LTS</li> </ul> <p>Summary:</p> <p>Several security issues were fixed in the Apache HTTP Server. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)</p> <p>Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly handled long response headers. This issue only affected Ubuntu 14.10. (CVE-2014-3583)</p> <p>It was discovered that the mod_lua module incorrectly handled different arguments within different contexts. This issue only affected Ubuntu 14.10. (CVE-2014-8109)</p> <p>Guido Vranken discovered that the mod_lua module incorrectly handled a specially crafted websocket PING in certain circumstances. This issue only affected Ubuntu 14.10. (CVE-2015-0228)</p> <p>Update instructions:</p> <p>The problem can be corrected by updating your system to the following package versions:</p> <p>Ubuntu 14.10: apache2.2-bin 2.4.10-1ubuntu1.1</p> <p>Ubuntu 14.04 LTS: apache2.2-bin 2.4.7-1ubuntu4.4</p> <p>Ubuntu 12.04 LTS: apache2.2-bin 2.2.22-1ubuntu1.8</p> <p>Ubuntu 10.04 LTS: apache2.2-bin 2.2.14-5ubuntu8.15</p> <p>In general, a standard system update will make all the necessary changes. </p> <p>A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. 
</p> <p>mod_lua.c in the mod_lua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory (CVE-2014-8109). A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers (CVE-2013-5704). </p> <p>Note: With this update, httpd has been modified to not merge HTTP Trailer headers with other HTTP request headers. A newly introduced configuration directive MergeTrailers can be used to re-enable the old method of processing Trailer headers, which also re-introduces the aforementioned flaw. </p> <p>This update also fixes the following bug:</p> <p>Prior to this update, the mod_proxy_wstunnel module failed to set up an SSL connection when configured to use a back end server using the wss: URL scheme, causing proxied connections to fail. In these updated packages, SSL is used when proxying to wss: back end servers (rhbz#1141950). The verification of md5 checksums and GPG signatures is performed automatically for you. 
You can obtain the GPG public key of the Mandriva Security Team by executing:</p> <p>gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98</p> <p>You can view other update advisories for Mandriva Linux at:</p> <p>http://www.mandriva.com/en/support/security/advisories/</p> <p>If you want to report vulnerabilities, please contact</p> <p>security_(at)_mandriva.com</p> <hr /> <p>Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)</p> <p>iD8DBQFVFnRImqjQ0CJFipgRAhbAAKDF22tbaWSxzaiqvhq0t6uM1bwWvgCfVNIJ 7XU6s8wMPlxQucpKSIVIKYI= =4uS5 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Moderate: httpd24-httpd security update Advisory ID: RHSA-2015:1666-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1666.html Issue date: 2015-08-24 CVE Names: CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2. </p> <p>Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.5) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64</p> <ol> <li></li> </ol> <p>Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)</p> <p>It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)</p> <p>Note: This update introduces a new API function, ap_some_authn_required(), which correctly indicates if a request is authenticated. External httpd modules using the old API function should be modified to use the new one to completely resolve this issue. </p> <p>A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. (CVE-2015-0228)</p> <p>A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. (CVE-2015-0253)</p> <p>All httpd24-httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service will be restarted automatically. 
</p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. </p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):</p> <p>Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm</p> <p>noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm</p> <p>x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):</p> <p>Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm</p> <p>noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm</p> <p>x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.6):</p> <p>Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm</p> <p>noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm</p> <p>x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):</p> <p>Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm</p> <p>noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm</p> <p>x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm</p> <p>noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm</p> <p>x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.1):</p> <p>Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm</p> <p>noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm</p> <p>x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm</p> <p>noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm</p> <p>x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2015-0228 https://access.redhat.com/security/cve/CVE-2015-0253 https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/updates/classification/#moderate</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2015 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H y5DWl0MjeqKeAOHiddwyDdU= =yzQP -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185</p> <p>BIND Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. CVE-ID CVE-2014-8500 CVE-2015-1349</p> <p>PostgreSQL Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL versions prior to 9.3.9. These issues were addressed by updating PostgreSQL to version 9.3.9. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167</p> <p>Wiki Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple XML security issues in Wiki Server Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted. CVE-ID CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center</p> <p>OS X Server 5.0.3 may be obtained from the Mac App Store. </p> <p>Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. 
This update fixes the following security issues: * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. * CVE-2015-3183: core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185 (<em> Security fix </em>) +--------------------------+</p> <p>Where to find the new packages: +-----------------------------+</p> <p>Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)</p> <p>Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. 
</p> <p>Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz</p> <p>Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz</p> <p>Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz</p> <p>Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz</p> <p>Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz</p> <p>Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz</p> <p>MD5 signatures: +-------------+</p> <p>Slackware 14.0 package: d78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz</p> <p>Slackware x86_64 14.0 package: 1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz</p> <p>Slackware 14.1 package: ea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz</p> <p>Slackware x86_64 14.1 package: 8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz</p> <p>Slackware -current package: 01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz</p> <p>Slackware x86_64 -current package: 70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz</p> <p>Installation instructions: +------------------------+</p> <p>Upgrade the package as root:</p> <h1>upgradepkg httpd-2.4.16-i486-1_slack14.1.txz</h1> <p>Then, restart Apache httpd:</p> <h1>/etc/rc.d/rc.httpd stop</h1> <h1>/etc/rc.d/rc.httpd start</h1> <p>+-----+</p> <p>Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com</p> <p>+------------------------------------------------------------------------+ | To leave 
the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201503-0050" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-201503-0050"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201503-0050">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": 
"https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0050", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "lte", "trust": 1.8, "vendor": "apache", "version": "2.4.12" }, { "model": "mac os x server", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "5.0.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.10.4" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.4, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.4, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.4, "vendor": "oracle", "version": "12.1.4" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, 
{ "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.4" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "macos server", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.0.3 (os x yosemite v10.10.5 or later )" }, { "model": "opensuse", "scope": "eq", "trust": 0.6, "vendor": "novell", "version": "13.2" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.8" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3.5" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.2.12" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.1.16" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.5.4" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.4.41" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.10.0.6.27" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "utilities framework", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.5" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.7" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.6" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "sun network qdr infiniband gateway switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2" }, { "model": "sun data center infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "362.2.2" }, { "model": "sun blade ethernet switched nem 24p 10ge", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "siebel applications ip2016", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2015", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2014", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { 
"model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": 
"retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "15.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "primavera contract management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.16.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "10.4.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.2" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "5.6.26" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.48" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.47" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.46" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.45" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.42" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.41" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.40" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.44" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.43" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.49" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8.1" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.7" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.6" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.5" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "jrockit r28.3.10", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.30" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.24.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1" }, { "model": "integrated lights out 
manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "in-memory policy analytics", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "http server 11g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "healthcare analytics data integration", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0.0.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2.8.3" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.1.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.23.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.22.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { 
"model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.10" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.8" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.6" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.5" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.4" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.3" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" 
}, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.3" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "documaker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "211.2.0.4" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.0" }, { "model": 
"communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9" }, { "model": "communications operations monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.530.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.529.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5.33.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "communications eagle application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session 
manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.1.0.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.5.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.1" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.3.00.08" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "6.2.0.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.43" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.0.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.8" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, 
{ "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x4.1.5" }, { "model": "mac os server", 
"scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.7" }, { "model": "apache", "scope": "eq", 
"trust": 0.3, "vendor": "apache", "version": "2.4.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.1" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x5.0.3" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.4.13" } ], "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "73041" }, { "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "db": "CNNVD", "id": "CNNVD-201503-136" }, { "db": "NVD", "id": "CVE-2015-0228" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.12", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0228" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "91787" } ], "trust": 0.3 }, "cve": "CVE-2015-0228", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, 
"confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-0228", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-78174", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-0228", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201503-136", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-78174", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-0228", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-78174" }, { "db": "VULMON", "id": "CVE-2015-0228" }, { "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "db": "CNNVD", "id": "CNNVD-201503-136" }, { "db": "NVD", "id": "CVE-2015-0228" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. 
The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail 
Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Apache HTTP Server is prone to a remote denial-of-service vulnerability. \nA remote attacker may exploit this issue to trigger denial-of-service conditions. \nVersions prior to Apache HTTP Server 2.4.13 are vulnerable. The server is fast, reliable and extensible through a simple API. ============================================================================\nUbuntu Security Notice USN-2523-1\nMarch 10, 2015\n\napache2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Apache HTTP Server. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)\n\nTeguh P. 
Alko discovered that the mod_proxy_fcgi module incorrectly\nhandled long response headers. This\nissue only affected Ubuntu 14.10. (CVE-2014-3583)\n\nIt was discovered that the mod_lua module incorrectly handled different\narguments within different contexts. This issue only affected\nUbuntu 14.10. (CVE-2014-8109)\n\nGuido Vranken discovered that the mod_lua module incorrectly handled a\nspecially crafted websocket PING in certain circumstances. This issue only affected\nUbuntu 14.10. (CVE-2015-0228)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n apache2.2-bin 2.4.10-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n apache2.2-bin 2.4.7-1ubuntu4.4\n\nUbuntu 12.04 LTS:\n apache2.2-bin 2.2.22-1ubuntu1.8\n\nUbuntu 10.04 LTS:\n apache2.2-bin 2.2.14-5ubuntu8.15\n\nIn general, a standard system update will make all the necessary changes. \n \n A race condition flaw, leading to heap-based buffer overflows,\n was found in the mod_status httpd module. \n \n mod_lua.c in the mod_lua module in the Apache HTTP Server through\n 2.4.10 does not support an httpd configuration in which the same\n Lua authorization provider is used with different arguments within\n different contexts, which allows remote attackers to bypass intended\n access restrictions in opportunistic circumstances by leveraging\n multiple Require directives, as demonstrated by a configuration that\n specifies authorization for one group to access a certain directory,\n and authorization for a second group to access a second directory\n (CVE-2014-8109). A malicious client could\n use Trailer headers to set additional HTTP headers after header\n processing was performed by other modules. This could, for example,\n lead to a bypass of header restrictions defined with mod_headers\n (CVE-2013-5704). \n \n Note: With this update, httpd has been modified to not merge HTTP\n Trailer headers with other HTTP request headers. 
A newly introduced\n configuration directive MergeTrailers can be used to re-enable the\n old method of processing Trailer headers, which also re-introduces\n the aforementioned flaw. \n \n This update also fixes the following bug:\n \n Prior to this update, the mod_proxy_wstunnel module failed to set\n up an SSL connection when configured to use a back end server using\n the wss: URL scheme, causing proxied connections to fail. In these\n updated packages, SSL is used when proxying to wss: back end servers\n (rhbz#1141950). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFnRImqjQ0CJFipgRAhbAAKDF22tbaWSxzaiqvhq0t6uM1bwWvgCfVNIJ\n7XU6s8wMPlxQucpKSIVIKYI=\n=4uS5\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd24-httpd security update\nAdvisory ID: RHSA-2015:1666-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1666.html\nIssue date: 2015-08-24\nCVE Names: CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 \n CVE-2015-3185 \n=====================================================================\n\n1. 
Summary:\n\nUpdated httpd24-httpd packages that fix multiple security issues are now\navailable for Red Hat Software Collections 2. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nIt was discovered that in httpd 2.4, the internal API function\nap_some_auth_required() could incorrectly indicate that a request was\nauthenticated even when no authentication was used. An httpd module using\nthis API function could consequently allow access that should have been\ndenied. (CVE-2015-3185)\n\nNote: This update introduces a new API function,\nap_some_authn_required(), which correctly indicates if a request is\nauthenticated. 
External httpd modules using the old API function should be\nmodified to use the new one to completely resolve this issue. \n\nA denial of service flaw was found in the way the mod_lua httpd module\nprocessed certain WebSocket Ping requests. (CVE-2015-0228)\n\nA NULL pointer dereference flaw was found in the way httpd generated\ncertain error responses. A remote attacker could possibly use this flaw to\ncrash the httpd child process using a request that triggers a certain HTTP\nerror. (CVE-2015-0253)\n\nAll httpd24-httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0228\nhttps://access.redhat.com/security/cve/CVE-2015-0253\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3185\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H\ny5DWl0MjeqKeAOHiddwyDdU=\n=yzQP\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These issues were addressed by updating Apache to\nversion 2.4.16. \nCVE-ID\nCVE-2013-5704\nCVE-2014-3581\nCVE-2014-3583\nCVE-2014-8109\nCVE-2015-0228\nCVE-2015-0253\nCVE-2015-3183\nCVE-2015-3185\n\nBIND\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities in BIND, the most severe of which\nmay allow a remote attacker to cause a denial of service\nDescription: Multiple vulnerabilities existed in BIND versions prior\nto 9.9.7. These issues were addressed by updating BIND to version\n9.9.7. 
\nCVE-ID\nCVE-2014-8500\nCVE-2015-1349\n\nPostgreSQL\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities in PostgreSQL, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in PostgreSQL versions\nprior to 9.3.9. These issues were addressed by updating PostgreSQL to\nversion 9.3.9. \nCVE-ID\nCVE-2014-0067\nCVE-2014-8161\nCVE-2015-0241\nCVE-2015-0242\nCVE-2015-0243\nCVE-2015-0244\nCVE-2015-3165\nCVE-2015-3166\nCVE-2015-3167\n\nWiki Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple XML security issues in Wiki Server\nDescription: Multiple XML vulnerabilities existed in Wiki Server\nbased on Twisted. This issue was addressed by removing Twisted. \nCVE-ID\nCVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research\nCenter\n\n\nOS X Server 5.0.3 may be obtained from the Mac App Store. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. \n This update fixes the following security issues:\n * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local\n URL-path with the INCLUDES filter active, introduced in 2.4.11. \n * CVE-2015-3183: core: Fix chunk header parsing defect. Remove\n apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN\n filter, parse chunks in a single pass with zero copy. Limit accepted\n chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. \n * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache\n httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. 
\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz\n\nSlackware -current 
package:\n01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz\n\nSlackware x86_64 -current package:\n70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg httpd-2.4.16-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2015-0228" }, { "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "73041" }, { "db": "VULHUB", "id": "VHN-78174" }, { "db": "VULMON", "id": "CVE-2015-0228" }, { "db": "PACKETSTORM", "id": "130735" }, { "db": "PACKETSTORM", "id": "131098" }, { "db": "PACKETSTORM", "id": "133281" }, { "db": "PACKETSTORM", "id": "133619" }, { "db": "PACKETSTORM", "id": "132743" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0228", "trust": 3.4 }, { "db": "BID", "id": "91787", "trust": 2.1 }, { "db": "BID", "id": "73041", "trust": 2.1 }, { "db": "SECTRACK", "id": "1032967", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU99970459", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-001673", 
"trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201503-136", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "133281", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "132743", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-78174", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-0228", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131098", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133619", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-78174" }, { "db": "VULMON", "id": "CVE-2015-0228" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "73041" }, { "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "db": "PACKETSTORM", "id": "130735" }, { "db": "PACKETSTORM", "id": "131098" }, { "db": "PACKETSTORM", "id": "133281" }, { "db": "PACKETSTORM", "id": "133619" }, { "db": "PACKETSTORM", "id": "132743" }, { "db": "CNNVD", "id": "CNNVD-201503-136" }, { "db": "NVD", "id": "CVE-2015-0228" } ] }, "id": "VAR-201503-0050", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-78174" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T00:52:18.384000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "title": "APPLE-SA-2015-09-16-4 OS X Server 5.0.3", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html" }, { "title": "HT205219", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205219" }, { "title": "HT205031", "trust": 0.8, "url": 
"http://support.apple.com/en-us/ht205031" }, { "title": "HT205219", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht205219" }, { "title": "HT205031", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht205031" }, { "title": "Apache 2.4.13", "trust": 0.8, "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/changes" }, { "title": "*) SECURITY: CVE-2015-0228 (cve.mitre.org)", "trust": 0.8, "url": "https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Solaris Third Party Bulletin - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "modules-lua-lua_request.c", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54055" }, { "title": "Red Hat: CVE-2015-0228", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0228" }, { "title": "Amazon Linux AMI: ALAS-2015-579", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-579" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2523-1" }, { "title": "DC-2: Vulnhub Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-2-vulnhub-walkthrough " }, { "title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample", "trust": 0.1, "url": 
"https://github.com/kasem545/vulnsearch " }, { "title": "Shodan Search Script", "trust": 0.1, "url": "https://github.com/firatesatoglu/shodansearch " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0228" }, { "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "db": "CNNVD", "id": "CNNVD-201503-136" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-78174" }, { "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "db": "NVD", "id": "CVE-2015-0228" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://advisories.mageia.org/mgasa-2015-0099.html" }, { "trust": 2.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2015-1666.html" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2523-1" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/73041" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.8, "url": "https://support.apple.com/ht205219" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht205031" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1032967" }, { "trust": 1.8, "url": 
"http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html" }, { "trust": 1.2, "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/changes" }, { "trust": 1.2, "url": "https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef" }, { "trust": 1.2, "url": "https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": 
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0228" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99970459/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0228" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs." }, { "trust": 0.6, "url": "httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef" }, { "trust": 0.6, "url": "https://github.com/apache/" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs." 
}, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs." }, { "trust": 0.6, "url": "httpd/branches/2.4.x/changes" }, { "trust": 0.6, "url": "http://svn.apache.org/repos/asf/" }, { "trust": 0.6, "url": "httpd/commit/78eb3b9235515652ed141353d98c239237030410" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs." }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0228" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx216642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/changes" }, { "trust": 0.3, "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8109" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3581" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0253" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0228" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3583" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2523-1/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.10-1ubuntu1.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.8" }, { 
"trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.15" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0305.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5704" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0527.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5704" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0118" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0135.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2015-0011.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6438" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0098" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0226" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3581" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0117" }, { "trust": 0.1, "url": 
"https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3183" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0253" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8500" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0241" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0243" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5911" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3166" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3165" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3167" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0244" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3183" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" 
}, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0253" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3185" } ], "sources": [ { "db": "VULHUB", "id": "VHN-78174" }, { "db": "VULMON", "id": "CVE-2015-0228" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "73041" }, { "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "db": "PACKETSTORM", "id": "130735" }, { "db": "PACKETSTORM", "id": "131098" }, { "db": "PACKETSTORM", "id": "133281" }, { "db": "PACKETSTORM", "id": "133619" }, { "db": "PACKETSTORM", "id": "132743" }, { "db": "CNNVD", "id": "CNNVD-201503-136" }, { "db": "NVD", "id": "CVE-2015-0228" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-78174" }, { "db": "VULMON", "id": "CVE-2015-0228" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "73041" }, { "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "db": "PACKETSTORM", "id": "130735" }, { "db": "PACKETSTORM", "id": "131098" }, { "db": "PACKETSTORM", "id": "133281" }, { "db": "PACKETSTORM", "id": "133619" }, { "db": "PACKETSTORM", "id": "132743" }, { "db": "CNNVD", "id": "CNNVD-201503-136" }, { "db": "NVD", "id": "CVE-2015-0228" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-03-08T00:00:00", "db": "VULHUB", "id": "VHN-78174" }, { "date": "2015-03-08T00:00:00", "db": "VULMON", "id": "CVE-2015-0228" }, { "date": "2016-07-15T00:00:00", "db": "BID", "id": "91787" }, { "date": "2015-03-11T00:00:00", "db": "BID", "id": "73041" }, { "date": "2015-03-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "date": "2015-03-10T16:02:55", "db": "PACKETSTORM", "id": "130735" }, { "date": "2015-03-30T21:25:14", "db": "PACKETSTORM", "id": "131098" }, { "date": "2015-08-24T22:06:47", "db": "PACKETSTORM", "id": 
"133281" }, { "date": "2015-09-19T15:37:27", "db": "PACKETSTORM", "id": "133619" }, { "date": "2015-07-20T15:45:36", "db": "PACKETSTORM", "id": "132743" }, { "date": "2015-03-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201503-136" }, { "date": "2015-03-08T02:59:00.073000", "db": "NVD", "id": "CVE-2015-0228" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-27T00:00:00", "db": "VULHUB", "id": "VHN-78174" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-0228" }, { "date": "2018-10-15T09:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-20T12:03:00", "db": "BID", "id": "73041" }, { "date": "2016-07-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001673" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201503-136" }, { "date": "2023-11-07T02:23:19.863000", "db": "NVD", "id": "CVE-2015-0228" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "130735" }, { "db": "PACKETSTORM", "id": "133281" }, { "db": "CNNVD", "id": "CNNVD-201503-136" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server of mod_lua Service disruption in modules (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-001673" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201503-136" } ], "trust": 0.6 } }</pre> </div> </div> 
</div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0428">var-200904-0428</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. 
The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third-party patches; use only those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0428" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="collapse" id="collapseJsonvar-200904-0428"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0428">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0428", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "8.2.2" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "8.3.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.6, "vendor": "ibm", "version": "6.1.5.0" }, { "model": "websphere portal", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "6.0.1.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.1" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.0.0" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.5" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "6.1.0" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "8" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.5.3 cf27" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": 
"ibm", "version": "7.0.0.2 cf25" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0.0.1 cf08" }, { "model": "websphere portal", "scope": "lt", "trust": 0.8, "vendor": "ibm", "version": "7" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1.0.6 cf27" }, { "model": "websphere portal", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic 
data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application 
server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html 
export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001238" }, { "db": "NVD", "id": "CVE-2009-1008" }, { "db": "CNNVD", "id": "CNNVD-200904-325" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1008" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-325" } ], "trust": 0.6 }, "cve": "CVE-2009-1008", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 6.4, 
"integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-1008", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1008", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-325", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001238" }, { "db": "NVD", "id": "CVE-2009-1008" }, { "db": "CNNVD", "id": "CNNVD-200904-325" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1008" }, { "db": "JVNDB", "id": "JVNDB-2009-001238" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1008", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "OSVDB", "id": "53747", "trust": 2.4 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001238", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-325", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001238" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1008" }, { "db": "CNNVD", "id": "CNNVD-200904-325" } ] }, "id": "VAR-200904-0428", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:13:50.895000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "1660640", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "title": "1660774", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660774" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001238" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1008" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53747" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": 
"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1008" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1008" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { 
"trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": 
"http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001238" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1008" }, { "db": "CNNVD", "id": "CNNVD-200904-325" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001238" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-1008" }, { "db": "CNNVD", "id": "CNNVD-200904-325" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001238" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.953000", "db": "NVD", "id": "CVE-2009-1008" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-325" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2014-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001238" }, { 
"date": "2016-11-22T16:13:10.267000", "db": "NVD", "id": "CVE-2009-1008" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-325" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-325" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of Outside In Technology Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001238" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-325" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202001-1869">var-202001-1869</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. 
However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. Spring Framework Contains a cross-site request forgery vulnerability.Information may be altered. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202001-1869" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-202001-1869"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202001-1869">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id":
"https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1869", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.1.0" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications diameter signaling 
router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.4" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.0" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "insurance calculation engine", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.0.0" }, { "model": "mysql enterprise monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "mysql enterprise monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.0.0" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "retail order broker", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.20" }, { "model": "rapid planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1" }, { "model": "retail point-of-service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.2.3" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "financial services regulatory reporting with agilereporter", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.9.2.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.3" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications brm - elastic charging engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "insurance calculation engine", "scope": "lte", "trust": 1.0, "vendor": "oracle", 
"version": "11.3.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.2.0" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.0.12" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "rapid planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications brm - elastic charging engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "spring framework", "scope": null, "trust": 0.8, "vendor": "pivotal", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "db": "NVD", "id": "CVE-2020-5397" } ] }, "configurations": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.3", "versionStartIncluding": "5.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.0.12", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.1", "versionStartIncluding": "11.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-5397" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Eric Zimanyi from Google", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-841" } ], "trust": 0.6 }, "cve": "CVE-2020-5397", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.6, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-5397", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "VHN-183522", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "security@pivotal.io", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-5397", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-5397", "trust": 1.8, "value": "MEDIUM" }, { "author": "security@pivotal.io", "id": "CVE-2020-5397", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202001-841", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-183522", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-183522" }, { "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "db": "NVD", "id": "CVE-2020-5397" }, { "db": "NVD", "id": "CVE-2020-5397" }, { "db": "CNNVD", "id": "CNNVD-202001-841" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. 
Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. Spring Framework Contains a cross-site request forgery vulnerability.Information may be altered. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client", "sources": [ { "db": "NVD", "id": "CVE-2020-5397" }, { "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "db": "VULHUB", "id": "VHN-183522" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-5397", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2020-001404", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202001-841", "trust": 0.7 }, { "db": "NSFOCUS", "id": "48040", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-183522", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-183522" }, { "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "db": "NVD", "id": "CVE-2020-5397" }, { "db": "CNNVD", "id": "CNNVD-202001-841" } ] }, "id": "VAR-202001-1869", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-183522" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:33:12.194000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2020-5397: CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux", "trust": 0.8, "url": "https://pivotal.io/security/cve-2020-5397" }, { "title": "Pivotal Software Spring Framework Fixes for cross-site request forgery vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=107142" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "db": "CNNVD", "id": "CNNVD-202001-841" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-183522" }, { "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "db": "NVD", "id": "CVE-2020-5397" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://pivotal.io/security/cve-2020-5397" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { 
"trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5397" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5397" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48040" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/spring-framework-cross-site-request-forgery-via-cors-preflight-requests-31363" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-183522" }, { "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "db": "NVD", "id": "CVE-2020-5397" }, { "db": "CNNVD", "id": "CNNVD-202001-841" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-183522" }, { "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "db": "NVD", "id": "CVE-2020-5397" }, { "db": "CNNVD", "id": "CNNVD-202001-841" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-17T00:00:00", "db": "VULHUB", "id": "VHN-183522" }, { "date": "2020-02-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "date": "2020-01-17T19:15:14.727000", "db": "NVD", "id": "CVE-2020-5397" }, { "date": "2020-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-841" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-25T00:00:00", "db": "VULHUB", "id": "VHN-183522" }, { "date": "2020-02-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-001404" }, { "date": "2022-07-25T18:15:30.737000", "db": "NVD", "id": "CVE-2020-5397" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-841" } ] }, 
"threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-841" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework Vulnerable to cross-site request forgery", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-001404" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-841" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0259">var-200904-0259</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. 
----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. 
</p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0259" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0259"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0259">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0259", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" 
}, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001230" }, { "db": "NVD", "id": "CVE-2009-0973" }, { "db": "CNNVD", "id": "CNNVD-200904-292" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0973" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-292" } ], "trust": 0.6 }, "cve": "CVE-2009-0973", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-0973", "impactScore": null, 
"integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0973", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-292", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001230" }, { "db": "NVD", "id": "CVE-2009-0973" }, { "db": "CNNVD", "id": "CNNVD-200904-292" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. 
The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people to compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused by unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0973" }, { "db": "JVNDB", "id": "JVNDB-2009-001230" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0973", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "OSVDB", "id": "53736", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001230", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-292", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001230" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0973" }, { "db": "CNNVD", "id": "CNNVD-200904-292" } ] }, "id": "VAR-200904-0259", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:15:59.966000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001230" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0973" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53736" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": 
"http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0973" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0973" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { 
"trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001230" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0973" }, { "db": "CNNVD", "id": "CNNVD-200904-292" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001230" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0973" }, { "db": "CNNVD", "id": "CNNVD-200904-292" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001230" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.327000", "db": "NVD", "id": "CVE-2009-0973" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-292" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001230" }, { "date": "2012-10-23T03:04:22.633000", "db": "NVD", "id": "CVE-2009-0973" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-292" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-292" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Cluster Ready Services Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001230" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-292" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0419">var-200904-0419</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. 
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0419" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0419"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0419">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0419", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jd edwards enterpriseone", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "8.9.18" }, { "model": "jd edwards enterpriseone", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.0.8" }, { "model": "peoplesoft enterprise", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "*" }, { "model": "jd edwards enterpriseone", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.9.18 and 9.0.8" }, { "model": "peoplesoft products", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "peoplesoft enterprise", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", 
"version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": 
"8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": 
"eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004530" }, { 
"db": "NVD", "id": "CVE-2009-0998" }, { "db": "CNNVD", "id": "CNNVD-200904-316" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.9.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone:9.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0998" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-316" } ], "trust": 0.6 }, "cve": "CVE-2009-0998", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": 
"NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0998", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0998", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-316", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004530" }, { "db": "NVD", "id": "CVE-2009-0998" }, { "db": "CNNVD", "id": "CNNVD-200904-316" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0998" }, { "db": "JVNDB", "id": "JVNDB-2009-004530" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0998", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECUNIA", "id": "34693", "trust": 1.8 }, { "db": "OSVDB", "id": "53758", "trust": 1.6 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2009-004530", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-316", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004530" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0998" }, { "db": "CNNVD", "id": "CNNVD-200904-316" } ] }, "id": "VAR-200904-0419", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, 
"sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:04:50.519000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - April 2009", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004530" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0998" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://osvdb.org/53758" }, { "trust": 1.6, "url": "http://secunia.com/advisories/34693" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0998" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0998" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": 
"http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": 
"http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004530" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0998" }, { "db": "CNNVD", "id": "CNNVD-200904-316" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004530" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0998" }, { "db": "CNNVD", "id": "CNNVD-200904-316" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004530" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.780000", "db": "NVD", "id": "CVE-2009-0998" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-316" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004530" }, { "date": "2012-10-23T03:04:28.913000", "db": "NVD", "id": "CVE-2009-0998" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-316" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-316" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle PeopleSoft Enterprise Of products such as PeopleSoft Enterprise HRMS - eBenefits Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004530" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-316" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0270">var-200904-0270</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_SYS_SQL. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerabilities #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See the vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. 
Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third-party patches, only to use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0270" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0270"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0270">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0270", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database 9i", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "9.2.0.8dv" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.8dv" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi 
publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server 
sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", 
"scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" 
}, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001224" }, { "db": "NVD", "id": "CVE-2009-0984" }, { "db": "CNNVD", 
"id": "CNNVD-200904-303" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0984" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-303" } ], "trust": 0.6 }, "cve": "CVE-2009-0984", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": 
"PARTIAL", "exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0984", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0984", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-303", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001224" }, { "db": "NVD", "id": "CVE-2009-0984" }, { "db": "CNNVD", "id": "CNNVD-200904-303" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_SYS_SQL. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0984" }, { "db": "JVNDB", "id": "JVNDB-2009-001224" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0984", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001224", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-303", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001224" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0984" }, { "db": "CNNVD", "id": "CNNVD-200904-303" } ] }, "id": "VAR-200904-0270", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:24:38.393000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001224" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0984" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0984" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0984" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001224" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0984" }, { "db": "CNNVD", "id": "CNNVD-200904-303" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001224" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0984" }, { "db": "CNNVD", "id": "CNNVD-200904-303" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001224" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.530000", "db": "NVD", "id": "CVE-2009-0984" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-303" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001224" }, { "date": "2012-10-23T03:04:25.490000", "db": "NVD", "id": "CVE-2009-0984" }, { "date": "2009-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-303" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-303" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Database Vault Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001224" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-303" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202201-1553">var-202201-1553</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. Xerces is an open source project for XML document parsing promoted by the Apache organization. 
Description:</p> <p>Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. </p> <p>Security Fix(es):</p> <ul> <li> <p>chart.js: prototype pollution (CVE-2020-7746)</p> </li> <li> <p>moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)</p> </li> <li> <p>package immer before 9.0.6. After installing the update, restart the server by starting the JBoss Application Server process. </p> </li> </ul> <p>The References section of this erratum contains a download link. You must log in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7 Advisory ID: RHSA-2022:4918-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:4918 Issue date: 2022-06-06 CVE Names: CVE-2020-36518 CVE-2021-37136 CVE-2021-37137 CVE-2021-42392 CVE-2021-43797 CVE-2022-0084 CVE-2022-0853 CVE-2022-0866 CVE-2022-1319 CVE-2022-21299 CVE-2022-21363 CVE-2022-23221 CVE-2022-23437 CVE-2022-23913 CVE-2022-24785 ==================================================================== 1. Summary:</p> <p>A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 
</p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. </p> <p>Security Fix(es):</p> <ul> <li> <p>h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)</p> </li> <li> <p>jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)</p> </li> <li> <p>netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)</p> </li> <li> <p>netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)</p> </li> <li> <p>h2: Remote Code Execution in Console (CVE-2021-42392)</p> </li> <li> <p>netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)</p> </li> <li> <p>xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)</p> </li> <li> <p>wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)</p> </li> <li> <p>undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)</p> </li> <li> <p>OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)</p> </li> <li> <p>mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to 
compromise MySQL Connectors (CVE-2022-21363)</p> </li> <li> <p>xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)</p> </li> <li> <p>artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)</p> </li> <li> <p>Moment.js: Path traversal in moment.locale (CVE-2022-24785)</p> </li> <li> <p>jboss-client: memory leakage in remote client transaction (CVE-2022-0853)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. </p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction 2060929 - CVE-2022-0866 
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-23120 - Tracker bug for the EAP 7.4.5 release for RHEL-7 JBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001 JBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001 JBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1 JBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042 JBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1 JBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001 JBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001 JBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002 JBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3 JBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1 JBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002 JBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x JBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes JBEAP-23432 - [GSS](7.4.z) Upgrade JSF API 
from 3.0.0.SP04 to 3.0.0.SP05 JBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003 JBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4 JBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss EAP 7.4 for RHEL 7 Server:</p> <p>Source: eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.src.rpm eap7-h2database-1.4.197-2.redhat_00004.1.el7eap.src.rpm eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.src.rpm eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.src.rpm eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.src.rpm eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-log4j-2.17.1-2.redhat_00002.1.el7eap.src.rpm eap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.src.rpm eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.src.rpm eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.src.rpm eap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.src.rpm eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.src.rpm eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.src.rpm 
eap7-wildfly-http-client-1.1.11-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.src.rpm</p> <p>noarch: eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-h2database-1.4.197-2.redhat_00004.1.el7eap.noarch.rpm eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-core-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-envers-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-java8-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm 
eap7-hibernate-validator-cdi-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jberet-core-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.noarch.rpm eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-log4j-2.17.1-2.redhat_00002.1.el7eap.noarch.rpm eap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-all-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-buffer-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-haproxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-http-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-http2-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-memcache-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm 
eap7-netty-codec-mqtt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-redis-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-smtp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-socks-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-stomp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-xml-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-handler-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-handler-proxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-dns-classes-macos-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-classes-epoll-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-classes-kqueue-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-native-unix-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-rxtx-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-sctp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-udt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.noarch.rpm eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm 
eap7-wildfly-http-naming-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-modules-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.noarch.rpm</p> <p>x86_64: eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm eap7-netty-transport-native-epoll-debuginfo-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-42392 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/cve/CVE-2022-0853 https://access.redhat.com/security/cve/CVE-2022-0866 https://access.redhat.com/security/cve/CVE-2022-1319 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21363 https://access.redhat.com/security/cve/CVE-2022-23221 https://access.redhat.com/security/cve/CVE-2022-23437 https://access.redhat.com/security/cve/CVE-2022-23913 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ 
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYp5qBdzjgjWX9erEAQgudg/+KIuaXQZawyOnSNF4IIR8WYnfcW8Ojsfk 27VFNY6WCSn07IkzyDFuCLHsmUEesiJvpYssOx4CuX1YEmlF7S/KepyI6QDVC+BV hFAfaVE1gdrny1sqaS8k4VFE9rHODML1q2yyeUNgdtL4YGdOeduqOEn6Q6GS/rvh +8vCZFkFb9QKxxItc1xvxvU8kAomQun+eqr040IHuF0jAZfLI18/5vzsPqeQG+Ua qU4CG5FucVytEkJCnQ8Ci3QH3FCm/BPqotyhO3OAi1b5+db+fT+UqJpiuHYCsPcQ 8DRKizi/ia6Rq5b/OTFodA8lo6U3nDIljJ7QcuADgGzX4fak+BxQNkQMfhS4/b01 /yFU034PmQBTJpm0r5Vb4V4lBWzAi5QMDttI4wncuM3VGbxSoEEXzdzFHVzgoy1r qDGfJ1C5VnSJeLawDa6tGyndBiVga/PPgx0CoSIPsAYnjXYfJM1DsohUXppTL1k+ z8W2UIoIGqycYdCm60uJ+qbzqLlODNXmXn154OJL3O/o6Nz7O+uqVt+WfaNnwO/Y wf85wHGjzLaOALZfly/fENQr5Aijb9WqavN3tbcipj6+F4D3OLJMOSap8+TOXF3C StEX/XQpQASMmemvHJr/8c9Fx6tumJ+hLI4EyXfNdlYFJFQY4l4J0X6+mH047B3G R+RN8v8nzXQ{m6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce</p></p>
<div class="collapse" id="collapseJsonvar-202201-1553"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202201-1553">{ "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-1553", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ucosminexus primary server base", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus service platform", "scope": null, "trust": 1.6, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server", "scope": null, "trust": 1.6, "vendor": 
"\u65e5\u7acb", "version": null }, { "model": "financial services analytical applications infrastructure", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.0" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.3.0" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.8" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.14" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking deposits and lines of 
credit servicing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7" }, { "model": "xerces-j", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.12.1" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.9.0" }, { "model": "global lifecycle management nextgen oui framework", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "ilearning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0.0.1" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "health sciences information manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.0.1" }, { "model": "communications element manager", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "ilearning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.0" }, { "model": "retail extract transform 
and load", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.8" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "communications asap", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3" }, { "model": "financial services behavior detection platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6.0.0" }, { "model": "financial services behavior detection platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "agile engineering data management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.1.0" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications session report manager", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "financial services crime and compliance management studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.2.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.1" }, { "model": "product lifecycle analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.6.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "global lifecycle management nextgen oui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.9.4.2.2" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "8.1.2.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.13" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7.2.0" }, { "model": "communications session route manager", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "banking party management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.7.0" }, { "model": "health sciences information manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.0.5" }, { "model": "flexcube universal banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.8.1" }, { "model": "retail bulk data integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.30" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 
0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus developer professional", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "oracle retail bulk data integration", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle ilearning", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "ucosminexus developer", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "oracle retail extract transform and load", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "oracle financial services enterprise case management", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "communications session route manager", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "oracle communications session element manager", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle financial services analytical applications infrastructure", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "oracle communications session report manager", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "ucosminexus application server standard-r", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server-r", "scope": null, "trust": 0.8, "vendor": 
"\u65e5\u7acb", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "xerces2 java", "scope": null, "trust": 0.8, "vendor": "apache", "version": null }, { "model": "oracle retail financial integration", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus client", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "oracle financial services behavior detection platform", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "db": "NVD", "id": "CVE-2022-23437" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:xerces-j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.12.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true 
}, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.9.0", "versionStartIncluding": "8.0.6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.8.0", "versionStartIncluding": "8.0.6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.1.2.0", "versionStartIncluding": "8.1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.0.5", "versionStartIncluding": "3.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.9.4.2.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.8", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.13", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.14", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.30", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-23437" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "167424" }, { "db": "PACKETSTORM", "id": "167423" }, { "db": "PACKETSTORM", "id": "167422" } ], "trust": 0.4 }, "cve": "CVE-2022-23437", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-23437", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-412572", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-23437", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-23437", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202201-2238", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-412572", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-23437", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-412572" }, { "db": "VULMON", "id": "CVE-2022-23437" }, { "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "db": "CNNVD", "id": "CNNVD-202201-2238" }, { "db": "NVD", "id": "CVE-2022-23437" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "There\u0027s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. 
This vulnerability is present within XercesJ version 2.12.1 and the previous versions. Xerces is an open source project for XML document parsing promoted by the Apache organization. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. After installing\nthe update, restart the server by starting the JBoss Application Server\nprocess. \n\nThe References section of this erratum contains a download link. You must\nlog in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7\nAdvisory ID: RHSA-2022:4918-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:4918\nIssue date: 2022-06-06\nCVE Names: CVE-2020-36518 CVE-2021-37136 CVE-2021-37137\n CVE-2021-42392 CVE-2021-43797 CVE-2022-0084\n CVE-2022-0853 CVE-2022-0866 CVE-2022-1319\n CVE-2022-21299 CVE-2022-21363 CVE-2022-23221\n CVE-2022-23437 CVE-2022-23913 CVE-2022-24785\n====================================================================\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.5 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI\n(CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects\n(CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling\n(CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of\nstderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller\nprincipal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING\nfailures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in\nXMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high\nprivileged attacker with network access via 
multiple protocols to\ncompromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document\npayloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2039403 - CVE-2021-42392 h2: Remote Code Execution in Console\n2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)\n2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI\n2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads\n2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors\n2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction\n2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller 
principal with Elytron Security enabled\n2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23120 - Tracker bug for the EAP 7.4.5 release for RHEL-7\nJBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001\nJBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001\nJBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1\nJBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042\nJBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1\nJBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001\nJBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001\nJBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002\nJBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3\nJBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1\nJBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002\nJBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x\nJBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes\nJBEAP-23432 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05\nJBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 
2.12.6.1.redhat-00003\nJBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4\nJBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001\n\n7. Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 7 Server:\n\nSource:\neap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.src.rpm\neap7-h2database-1.4.197-2.redhat_00004.1.el7eap.src.rpm\neap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.src.rpm\neap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.src.rpm\neap7-jackson-jaxrs-providers-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.src.rpm\neap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.src.rpm\neap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-log4j-2.17.1-2.redhat_00002.1.el7eap.src.rpm\neap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.src.rpm\neap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.src.rpm\neap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.1.11-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.
src.rpm\n\nnoarch:\neap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-cli-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-commons-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-core-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-dto-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-journal-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-ra-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-selector-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-tools-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-h2database-1.4.197-2.redhat_00004.1.el7eap.noarch.rpm\neap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-core-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-databind-2.12.6.1-1.
redhat_00003.1.el7eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-jberet-core-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.noarch.rpm\neap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm\neap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-log4j-2.17.1-2.redhat_00002.1.el7eap.noarch.rpm\neap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-all-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-buffer-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-haproxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-http-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-http2-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-memcache-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-mqtt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-redis-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-smtp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\nea
p7-netty-codec-socks-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-stomp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-xml-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-handler-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-handler-proxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-dns-classes-macos-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-classes-epoll-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-classes-kqueue-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-native-unix-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-rxtx-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-sctp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-udt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.noarch.rpm\neap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-
jdk8-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.noarch.rpm\n\nx86_64:\neap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm\neap7-netty-transport-native-epoll-debuginfo-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://access.redhat.com/security/cve/CVE-2021-37136\nhttps://access.redhat.com/security/cve/CVE-2021-37137\nhttps://access.redhat.com/security/cve/CVE-2021-42392\nhttps://access.redhat.com/security/cve/CVE-2021-43797\nhttps://access.redhat.com/security/cve/CVE-2022-0084\nhttps://access.redhat.com/security/cve/CVE-2022-0853\nhttps://access.redhat.com/security/cve/CVE-2022-0866\nhttps://access.redhat.com/security/cve/CVE-2022-1319\nhttps://access.redhat.com/security/cve/CVE-2022-21299\nhttps://access.redhat.com/security/cve/CVE-2022-21363\nhttps://access.redhat.com/security/cve/CVE-2022-23221\nhttps://access.redhat.com/security/cve/CVE-2022-23437\nhttps://access.redhat.com/security/cve/CVE-2022-23913\nhttps://access.redhat.com/security/cve/CVE-2022-24785\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYp5qBdzjgjWX9erEAQgudg/+KIuaXQZawyOnSNF4IIR8WYnfcW8Ojsfk\n27VFNY6WCSn07IkzyDFuCLHsmUEesiJvpYssOx4CuX1YEmlF7S/KepyI6QDVC+BV\nhFAfaVE1gdrny1sqaS8k4VFE9rHODML1q2yyeUNgdtL4YGdOeduqOEn6Q6GS/rvh\n+8vCZFkFb9QKxxItc1xvxvU8kAomQun+eqr040IHuF0jAZfLI18/5vzsPqeQG+Ua\nqU4CG5FucVytEkJCnQ8Ci3QH3FCm/BPqotyhO3OAi1b5+db+fT+UqJpiuHYCsPcQ\n8DRKizi/ia6Rq5b/OTFodA8lo6U3nDIljJ7QcuADgGzX4fak+BxQNkQMfhS4/b01\n/yFU034PmQBTJpm0r5Vb4V4lBWzAi5QMDttI4wncuM3VGbxSoEEXzdzFHVzgoy1r\nqDGfJ1C5VnSJeLawDa6tGyndBiVga/PPgx0CoSIPsAYnjXYfJM1DsohUXppTL1k+\nz8W2UIoIGqycYdCm60uJ+qbzqLlODNXmXn154OJL3O/o6Nz7O+uqVt+WfaNnwO/Y\nwf85wHGjzLaOALZfly/fENQr5Aijb9WqavN3tbcipj6+F4D3OLJMOSap8+TOXF3C\nStEX/XQpQASMmemvHJr/8c9Fx6tumJ+hLI4EyXfNdlYFJFQY4l4J0X6+mH047B3G\nR+RN8v8nzXQ{m6\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2022-23437" }, { "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "db": "VULHUB", "id": "VHN-412572" }, { "db": "VULMON", "id": "CVE-2022-23437" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "167424" }, { "db": "PACKETSTORM", "id": "167423" }, { "db": "PACKETSTORM", "id": "167422" } ], "trust": 2.16 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-412572", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-412572" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-23437", "trust": 3.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2022/01/24/3", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "167423", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-002358", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202201-2238", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168638", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022072056", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012503", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041946", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042289", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072096", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060838", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042544", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071806", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0760", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.1653", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2799", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "167422", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167424", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2022-14709", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-412572", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-23437", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-412572" }, { "db": "VULMON", "id": "CVE-2022-23437" }, { "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "167424" }, { "db": "PACKETSTORM", "id": "167423" }, { "db": "PACKETSTORM", "id": "167422" }, { "db": "CNNVD", "id": "CNNVD-202201-2238" }, { "db": "NVD", "id": "CVE-2022-23437" } ] }, "id": "VAR-202201-1553", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-412572" } 
], "trust": 0.01 }, "last_update_date": "2024-02-12T23:31:51.191000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2022-129 Software product security information", "trust": 0.8, "url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl" }, { "title": "Xerces Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=183803" }, { "title": "Debian CVElist Bug Report Logs: libxerces2-java: CVE-2022-23437", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a1fbd856d1d488007b4277fd666e30c1" }, { "title": "Red Hat: CVE-2022-23437", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-23437" }, { "title": "Hitachi Security Advisories: Vulnerability in Cosminexus XML Processor", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-129" }, { "title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224922 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224919 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224918 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.13.1 security update", "trust": 0.1, 
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226813 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-136" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-rce " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-23437" }, { "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "db": "CNNVD", "id": "CNNVD-202201-2238" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-835", "trust": 1.0 }, { "problemtype": "BLIND XPath injection (CWE-91) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-91", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-412572" }, { "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "db": "NVD", "id": "CVE-2022-23437" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20221028-0005/" }, { "trust": 1.8, "url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2022/01/24/3" }, { "trust": 1.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23437" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2022.2799" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167423/red-hat-security-advisory-2022-4918-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-xerces-java-overload-37356" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0760" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072056" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042544" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060838" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.1653" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072096" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041946" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012503" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071806" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168638/red-hat-security-advisory-2022-6813-01.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-23437" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-23913" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-21363" }, { "trust": 0.4, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-24785" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23913" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21363" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-36518" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-36518" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0084" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-0866" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-0084" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-21299" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-42392" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23221" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-43797" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-37137" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1319" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-37136" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1319" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0866" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0853" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": 
"https://access.redhat.com/security/cve/cve-2022-23221" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-0853" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/835.html" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016975" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21724" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23436" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7746" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0722" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0235" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26520" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2458" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2458" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21724" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:4919" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:4918" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:4922" } ], "sources": [ { "db": "VULHUB", "id": "VHN-412572" }, { "db": "VULMON", "id": "CVE-2022-23437" }, { "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "167424" }, { "db": "PACKETSTORM", "id": "167423" }, { "db": "PACKETSTORM", "id": "167422" }, { "db": "CNNVD", "id": "CNNVD-202201-2238" }, { "db": "NVD", "id": "CVE-2022-23437" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-412572" }, { "db": "VULMON", "id": "CVE-2022-23437" }, { "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "db": "PACKETSTORM", "id": "168638" }, { "db": "PACKETSTORM", "id": "167424" }, { "db": "PACKETSTORM", "id": "167423" }, { "db": "PACKETSTORM", "id": "167422" }, { "db": "CNNVD", "id": "CNNVD-202201-2238" }, { "db": "NVD", "id": "CVE-2022-23437" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-24T00:00:00", "db": "VULHUB", "id": "VHN-412572" }, { "date": "2022-01-24T00:00:00", "db": "VULMON", "id": "CVE-2022-23437" }, { "date": "2022-09-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "date": "2022-10-06T12:37:43", "db": "PACKETSTORM", "id": "168638" }, { "date": "2022-06-07T15:15:05", "db": "PACKETSTORM", "id": "167424" }, { "date": "2022-06-07T15:14:53", "db": "PACKETSTORM", "id": "167423" }, { "date": "2022-06-07T15:14:37", "db": "PACKETSTORM", "id": "167422" }, { "date": "2022-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-2238" }, { "date": "2022-01-24T15:15:09.317000", "db": "NVD", "id": "CVE-2022-23437" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-07T00:00:00", "db": "VULHUB", "id": "VHN-412572" }, { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2022-23437" }, { "date": "2022-11-02T07:40:00", "db": "JVNDB", "id": "JVNDB-2022-002358" }, { "date": "2023-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-2238" }, { "date": "2023-08-08T14:22:24.967000", "db": "NVD", "id": "CVE-2022-23437" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-2238" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache\u00a0Xerces\u00a0Java\u00a0XML\u00a0 Blinds in parsers \u00a0XPath\u00a0 Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002358" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-2238" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0272">var-200904-0272</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. 
Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0272" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0272"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0272">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0272", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "database 10g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database 11g", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.6" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { 
"model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { 
"model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { 
"model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", 
"version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001229" }, { "db": "NVD", "id": "CVE-2009-0986" }, { "db": "CNNVD", "id": "CNNVD-200904-305" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": 
"@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database_10g:10.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database_11g:11.1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0986" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-305" } ], "trust": 0.6 }, "cve": "CVE-2009-0986", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "MULTIPLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": 
"AV:N/AC:M/Au:M/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Multiple", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0986", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:M/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0986", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-305", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001229" }, { "db": "NVD", "id": "CVE-2009-0986" }, { "db": "CNNVD", "id": "CNNVD-200904-305" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. 
----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0986" }, { "db": "JVNDB", "id": "JVNDB-2009-001229" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0986", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022052", "trust": 2.4 }, { "db": "OSVDB", "id": "53735", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001229", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-305", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001229" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0986" }, { "db": "CNNVD", "id": "CNNVD-200904-305" } ] }, "id": "VAR-200904-0272", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:01:27.927000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001229" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0986" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53735" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022052" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": 
"http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0986" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0986" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { 
"trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001229" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0986" }, { "db": "CNNVD", "id": "CNNVD-200904-305" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001229" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0986" }, { "db": "CNNVD", "id": "CNNVD-200904-305" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001229" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.563000", "db": "NVD", "id": "CVE-2009-0986" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-305" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001229" }, { "date": "2012-10-23T03:04:26.007000", "db": "NVD", "id": "CVE-2009-0986" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-305" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-305" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Database of Workspace Manager Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001229" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-305" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201101-0548">var-201101-0548</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Oracle has released advance notification regarding the January 2011 Critical Patch Update (CPU) to be released on January 18, 2011. The update addresses 66 vulnerabilities affecting the following software: Oracle Database Server Oracle Secure Backup Oracle Fusion Middleware Oracle Enterprise Manager Grid Control Oracle Solaris products Oracle Applications Oracle Supply Chain Products Suite Oracle PeopleSoft and JDEdwards Suite Oracle Industry Applications Oracle Sun Products Oracle Open Office Suite Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. This BID is being retired. 
The following individual records exist to better document these issues: 34083 Sun Java System Communications Express Multiple HTML Injection Vulnerabilities 40235 MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability 42202 OpenOffice Impress File Multiple Buffer Overflow Vulnerabilities 42637 Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability 43819 GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability 43965 Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability 43971 Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability 43979 Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability 43985 Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability 43988 Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability 43992 Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability 43994 Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability 44009 Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability 44011 Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability 44012 Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability 44013 Oracle Java SE and Java for Business CVE-2010-3561 Remote CORBA Vulnerability 44014 Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability 44016 Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability 44017 Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability 44026 Oracle Java SE and Java for Business CVE-2010-3559 HeadspaceSoundbank.nGetName Vulnerability 44027 Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability 44028 Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability 44030 Oracle 
Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability 44032 Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability 44035 Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability 44038 Oracle Java SE and Java for Business CVE-2010-3555 Remote ActiveX Plug-in Vulnerability 45844 Oracle Audit Vault CVE-2010-4449 Remote Code Execution Vulnerability 45845 Oracle Database Server CVE-2010-4413 Remote Scheduler Agent Vulnerability 45846 Oracle Document Capture CVE-2010-3598 Remote Vulnerability 45847 Oracle WebLogic Server CVE-2010-3510 Remote Security Vulnerability 45848 Oracle Fusion Middleware CVE-2010-4455 Remote Oracle HTTP Server Vulnerability 45849 Oracle Document Capture CVE-2010-3595 Remote Vulnerability 45850 Oracle Secure Backup CVE-2010-3596 Remote mod_ssl Vulnerability 45851 Oracle Document Capture CVE-2010-3591 Remote Vulnerability 45852 Oracle Fusion Middleware CVE-2010-4437 Remote Oracle WebLogic Server Vulnerability 45853 Oracle Solaris CVE-2010-4435 Remote CDE Calendar Manager Service Daemon Vulnerability 45854 Oracle Fusion Middleware CVE-2010-4417 Beehive Remote Code Execution Vulnerability 45855 Oracle Database Server CVE-2010-4420 Local Database Vault Vulnerability 45856 Oracle Document Capture CVE-2010-3599 Remote Vulnerability 45857 Oracle PeopleSoft Enterprise HRMS CVE-2010-4461 Remote Vulnerability 45858 Oracle Fusion Middleware CVE-2010-3588 Remote Oracle Discoverer Vulnerability 45859 Oracle Cluster Verify Utility CVE-2010-4423 Local Vulnerability 45860 Oracle Supply Chain Product CVE-2010-4429 Remote Security Vulnerability 45861 Oracle Application Object Library CVE-2010-3589 Remote Security Vulnerability 45862 Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4424 Remote Vulnerability 45863 Oracle PeopleSoft Enterprise HRMS CVE-2010-4430 Remote Vulnerability 45864 Oracle Solaris 11 Express CVE-2010-4457 Remote CIFS Vulnerability 45865 Oracle PeopleSoft CVE-2010-4418 Remote 
Enterprise PeopleTools Vulnerability 45866 Oracle PeopleSoft Enterprise HRMS CVE-2010-4439 Remote Vulnerability 45867 Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4426 Remote Vulnerability 45868 Oracle Fusion Middleware CVE-2010-4416 Remote Oracle GoldenGate Veridata Vulnerability 45869 Oracle PeopleSoft Enterprise HRMS CVE-2010-4445 Remote Vulnerability 45870 Oracle E-Business Suite CVE-2010-3587 Common Applications Component Remote Vulnerability 45871 Oracle Document Capture CVE-2010-3592 Remote Vulnerability 45872 Oracle Supply Chain Product CVE-2010-3505 Remote Security Vulnerability 45873 Oracle PeopleSoft Enterprise HRMS CVE-2010-4428 Remote Vulnerability 45874 Oracle Enterprise Manager Real User Experience Insight (RUEI) SQL Injection Vulnerability 45875 Oracle Transportation Manager CVE-2010-4432 Remote Security Vulnerability 45876 Oracle VM VirtualBox CVE-2010-4414 Local Extensions Vulnerability 45877 Oracle Fusion Middleware CVE-2010-4453 Remote Oracle WebLogic Server Vulnerability 45878 Oracle Solaris CVE-2010-4459 Local Vulnerability 45879 Oracle PeopleSoft CVE-2010-4419 Remote Enterprise CRM Vulnerability 45880 Oracle Spatial CVE-2010-3590 Remote Security Vulnerability 45881 Oracle PeopleSoft CVE-2010-4441 Remote Enterprise HRMS Vulnerability 45883 Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability 45884 Oracle OpenSSO and Java SAM CVE-2010-4444 Remote Vulnerability 45885 Oracle SunMC CVE-2010-4436 Remote Vulnerability 45886 Oracle Solaris CVE-2010-4443 Local Solaris Vulnerability 45887 Oracle Sun Convergence CVE-2010-4464 Remote Vulnerability 45888 Oracle Sun Solaris CVE-2010-4440 Local Security Vulnerability 45889 Oracle Solaris CVE-2010-4458 Local Solaris Vulnerability 45890 Oracle Sun GlassFish and Message Queue CVE-2010-4438 Local Security Vulnerability 45891 Oracle Solaris CVE-2010-4442 Local Kernel Vulnerability 45892 Oracle Sun Solaris CVE-2010-4446 Local Security Vulnerability 45893 Oracle Sun Solaris 
10 CVE-2010-4433 Remote Security Vulnerability 45895 Oracle Solaris CVE-2010-4460 Local Solaris Vulnerability 45896 Oracle Sun Java System Communications Express CVE-2010-4456 Remote Web Mail Vulnerability 45897 Oracle BI Publisher CVE-2010-4425 Remote Security Vulnerability 45898 Oracle Sun Java System Portal Server CVE-2010-4431 Local Security Vulnerability 45899 Oracle PeopleSoft CVE-2010-4434 Remote Enterprise PeopleTools Vulnerability 45900 Oracle BI Publisher CVE-2010-4427 Remote Security Vulnerability 45901 Oracle Outside In Technology CVE-2010-3597 Local Security Vulnerability 45902 Oracle CVE-2010-3593 Remote Health Sciences - Oracle Argus Safety Vulnerability 45903 Oracle Sun Solaris CVE-2010-3586 Local Security Vulnerability 45904 Oracle Solaris CVE-2010-4415 Local 'libc' Vulnerability 45905 Oracle Database Vault CVE-2010-4421 Remote Security Vulnerability</p></p>
<div class="collapse" id="collapseJsonvar-201101-0548"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201101-0548">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": 
"https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201101-0548", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.0.2" }, { "model": "staroffice pp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 134", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "86" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3.6.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.2" }, { "model": "opensolaris build snv 41", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 104", "scope": 
null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "1.1.2-38.2.0.el3", "scope": null, "trust": 0.3, "vendor": "openoffice", "version": null }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 106", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q4 linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 131", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 56", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "weblogic server mp2", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0" }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 38", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "811" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.1" }, { "model": "opensolaris build snv 126", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.2.1" }, { "model": "java system communications express 2005q1", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "3.2.1" }, { "model": "opensolaris build snv 125", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 133", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", 
"trust": 0.3, "vendor": "openoffice", "version": "1.1.0" }, { "model": "opensolaris build snv 54", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 129", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 93", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2004q2 linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2" }, { "model": "java system access manager 2004q2 solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2x" }, { "model": "beta", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0" }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.013" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "3.2" }, { "model": "opensolaris build snv 35", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "opensolaris build snv 134a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.2" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.1" }, { "model": "convergence", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.0" }, { "model": "java system access manager 2004q2 solaris s", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2" }, { "model": "weblogic server ga", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "outside in", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3.0" }, { "model": "opensolaris build snv 76", "scope": null, 
"trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q1 linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "java system access manager 2005q1 2005q1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "peoplesoft enterprise customer relationship manage", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "opensolaris build snv 130", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 121", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.5" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "87" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.5" }, { "model": "java system access manager 2005q1 solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6x86" }, { "model": "staroffice pp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.1.1" }, { "model": "opensolaris build snv 101a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.3" }, { "model": "opensolaris build snv 105", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { 
"model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4.0" }, { "model": "java system access manager 2005q1 sparc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3" }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "agile core", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.0.2" }, { "model": "opensolaris build snv 111a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "3.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.3" }, { "model": "java system access manager 2005q4 windows", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.0.2" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.52" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.0" }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "argus safety", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "glassfish enterprise server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.2.0" }, { "model": "opensolaris build snv 98", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": 
"oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.50" }, { "model": "solaris express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.5" }, { "model": "opensolaris build snv 117", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "starsuite", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9" }, { "model": "opensolaris build snv 58", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 111", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "staroffice pp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.2" }, { "model": "java system access manager windows", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "opensolaris build snv 113", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q4 solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0x" }, { "model": "opensolaris build snv 124", "scope": null, "trust": 0.3, "vendor": "sun", "version": null 
}, { "model": "staroffice pp14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris build snv 118", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.9.79" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.9.29" }, { "model": "opensolaris build snv 123", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.014" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.1" }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 49", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "86" }, { "model": "goldengate veridata", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0.4" }, { "model": "transportation manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.0.5" }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.013" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.0" }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.4" }, { "model": "java system communications express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3" }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "agile core", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "9.3.1" }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.2" }, { "model": "opensolaris build snv 114", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "weblogic server mp3", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "opensolaris build snv 112", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "transportation manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.0.3" }, { "model": "java system access manager linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "opensolaris build snv 119", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "argus safety", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "opensolaris build snv 128", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 103", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.3.0" }, { "model": "opensolaris build snv 107", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q4 solaris s", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, 
"vendor": "openoffice", "version": "2.4.3" }, { "model": "argus safety", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "opensolaris build snv 45", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "inform portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.6" }, { "model": "java system access manager 2005q4 hp-ux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "starsuite pp13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "weblogic server sp6", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "87" }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "starsuite pp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "opensolaris build snv 110", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.2" }, { "model": "starsuite pp14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris build snv 71", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.012" }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.2" }, { "model": "oracle10g 
enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.4" }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 151a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3.2" }, { "model": "opensolaris build snv 108", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1x86" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.5" }, { "model": "opensolaris build snv 28", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "inform portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.5" }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.0" }, { "model": "opensolaris build snv 132", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.03" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.3.1" }, { "model": "starsuite pp9", "scope": 
"eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.3-1" }, { "model": "glassfish enterprise server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.1.1" }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q1 windows", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "convergence", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.0.4" }, { "model": "transportation manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "opensolaris build snv 47", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "opensolaris build snv 48", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 137", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", 
"version": null }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3.6" }, { "model": "inform portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.0.6" }, { "model": "staroffice pp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "beehive", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.2.1" }, { "model": "java system communications express", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.4.2" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.0.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.51" }, { "model": "application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "oracle11g standard edition r2", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.0.1" }, { "model": "opensolaris build snv 94", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system portal server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris build snv 37", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "opensolaris build snv 101", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.0.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.1.3.4.1" }, { "model": "enterprise manager real user experience insight", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.4.1" }, { "model": "starsuite", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "opensolaris build snv 122", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 115", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager solaris sparc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.5" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.3" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.9.125" }, { "model": "starsuite pp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "opensolaris build snv 109", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "transportation manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "starsuite", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8" }, { "model": "document capture", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "starsuite", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": 
"opensolaris build snv 74", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "peoplesoft enterprise customer relationship manage", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 120", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "opensolaris svn 126", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 51", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system communications express 2004q2", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "3.1.1" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.0.1" }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "starsuite update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "812" }, { "model": "opensolaris build snv 136", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "-9sarge3", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.3" }, { "model": "java system access manager 2005q1 solaris spa", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "opensolaris build snv 102", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, 
{ "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "2.3" }, { "model": "opensolaris build snv 02", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.011" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1212.1.3" }, { "model": "1.1.5-10.6.0.5.el4", "scope": null, "trust": 0.3, "vendor": "openoffice", "version": null }, { "model": "java system access manager 2005q1 linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3" }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "document capture", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 111b", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "argus safety", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.4" }, { "model": "staroffice", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.1" }, { "model": "java system access manager hp-ux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.1" }, { "model": "peoplesoft enterprise customer relationship manage", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "staroffice pp13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7" }, { "model": "opensolaris snv 111b", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 116", "scope": null, "trust": 0.3, "vendor": "sun", "version": null 
}, { "model": "opensolaris build snv 127", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system communications express 2005q4", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openoffice", "scope": "eq", "trust": 0.3, "vendor": "openoffice", "version": "1.1.51" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.5" }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "starsuite pp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6" }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "9.03" }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 135", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 01", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "java system access manager 2005q1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.3x86" }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "staroffice update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.014" } ], "sources": [ { "db": "BID", "id": "45804" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "45804" } ], "trust": 0.3 }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"Oracle has released advance notification regarding the January 2011 Critical Patch Update (CPU) to be released on January 18, 2011. The update addresses 66 vulnerabilities affecting the following software:\nOracle Database Server\nOracle Secure Backup\nOracle Fusion Middleware\nOracle Enterprise Manager Grid Control\nOracle Solaris products\nOracle Applications\nOracle Supply Chain Products Suite\nOracle PeopleSoft and JDEdwards Suite\nOracle Industry Applications\nOracle Sun Products\nOracle Open Office Suite\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.\nThis BID is being retired. The following individual records exist to better document these issues:\n34083 Sun Java System Communications Express Multiple HTML Injection Vulnerabilities\n40235 MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability\n42202 OpenOffice Impress File Multiple Buffer Overflow Vulnerabilities\n42637 Apache Derby \u0027BUILTIN\u0027 Authentication Insecure Password Hashing Vulnerability\n43819 GNU libc glob(3) \u0027GLOB_LIMIT\u0027 Remote Denial of Service Vulnerability\n43965 Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability\n43971 Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability\n43979 Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability\n43985 Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability\n43988 Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability\n43992 Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability\n43994 Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability\n44009 Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability\n44011 Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability\n44012 Oracle Java SE and Java for 
Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability\n44013 Oracle Java SE and Java for Business CVE-2010-3561 Remote CORBA Vulnerability\n44014 Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability\n44016 Oracle Java SE and Java for Business \u0027defaultReadObject\u0027 Remote Code Execution Vulnerability\n44017 Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability\n44026 Oracle Java SE and Java for Business CVE-2010-3559 HeadspaceSoundbank.nGetName Vulnerability\n44027 Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability\n44028 Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability\n44030 Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability\n44032 Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability\n44035 Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability\n44038 Oracle Java SE and Java for Business CVE-2010-3555 Remote ActiveX Plug-in Vulnerability\n45844 Oracle Audit Vault CVE-2010-4449 Remote Code Execution Vulnerability\n45845 Oracle Database Server CVE-2010-4413 Remote Scheduler Agent Vulnerability\n45846 Oracle Document Capture CVE-2010-3598 Remote Vulnerability\n45847 Oracle WebLogic Server CVE-2010-3510 Remote Security Vulnerability\n45848 Oracle Fusion Middleware CVE-2010-4455 Remote Oracle HTTP Server Vulnerability\n45849 Oracle Document Capture CVE-2010-3595 Remote Vulnerability\n45850 Oracle Secure Backup CVE-2010-3596 Remote mod_ssl Vulnerability\n45851 Oracle Document Capture CVE-2010-3591 Remote Vulnerability\n45852 Oracle Fusion Middleware CVE-2010-4437 Remote Oracle WebLogic Server Vulnerability\n45853 Oracle Solaris CVE-2010-4435 Remote CDE Calendar Manager Service Daemon Vulnerability\n45854 Oracle Fusion Middleware CVE-2010-4417 Beehive Remote Code Execution Vulnerability\n45855 Oracle Database Server CVE-2010-4420 Local Database Vault 
Vulnerability\n45856 Oracle Document Capture CVE-2010-3599 Remote Vulnerability\n45857 Oracle PeopleSoft Enterprise HRMS CVE-2010-4461 Remote Vulnerability\n45858 Oracle Fusion Middleware CVE-2010-3588 Remote Oracle Discoverer Vulnerability\n45859 Oracle Cluster Verify Utility CVE-2010-4423 Local Vulnerability\n45860 Oracle Supply Chain Product CVE-2010-4429 Remote Security Vulnerability\n45861 Oracle Application Object Library CVE-2010-3589 Remote Security Vulnerability\n45862 Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4424 Remote Vulnerability\n45863 Oracle PeopleSoft Enterprise HRMS CVE-2010-4430 Remote Vulnerability\n45864 Oracle Solaris 11 Express CVE-2010-4457 Remote CIFS Vulnerability\n45865 Oracle PeopleSoft CVE-2010-4418 Remote Enterprise PeopleTools Vulnerability\n45866 Oracle PeopleSoft Enterprise HRMS CVE-2010-4439 Remote Vulnerability\n45867 Oracle PeopleSoft Enterprise PeopleTools CVE-2010-4426 Remote Vulnerability\n45868 Oracle Fusion Middleware CVE-2010-4416 Remote Oracle GoldenGate Veridata Vulnerability\n45869 Oracle PeopleSoft Enterprise HRMS CVE-2010-4445 Remote Vulnerability\n45870 Oracle E-Business Suite CVE-2010-3587 Common Applications Component Remote Vulnerability\n45871 Oracle Document Capture CVE-2010-3592 Remote Vulnerability\n45872 Oracle Supply Chain Product CVE-2010-3505 Remote Security Vulnerability\n45873 Oracle PeopleSoft Enterprise HRMS CVE-2010-4428 Remote Vulnerability\n45874 Oracle Enterprise Manager Real User Experience Insight (RUEI) SQL Injection Vulnerability\n45875 Oracle Transportation Manager CVE-2010-4432 Remote Security Vulnerability\n45876 Oracle VM VirtualBox CVE-2010-4414 Local Extensions Vulnerability\n45877 Oracle Fusion Middleware CVE-2010-4453 Remote Oracle WebLogic Server Vulnerability\n45878 Oracle Solaris CVE-2010-4459 Local Vulnerability\n45879 Oracle PeopleSoft CVE-2010-4419 Remote Enterprise CRM Vulnerability\n45880 Oracle Spatial CVE-2010-3590 Remote Security Vulnerability\n45881 Oracle PeopleSoft 
CVE-2010-4441 Remote Enterprise HRMS Vulnerability\n45883 Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability\n45884 Oracle OpenSSO and Java SAM CVE-2010-4444 Remote Vulnerability\n45885 Oracle SunMC CVE-2010-4436 Remote Vulnerability\n45886 Oracle Solaris CVE-2010-4443 Local Solaris Vulnerability\n45887 Oracle Sun Convergence CVE-2010-4464 Remote Vulnerability\n45888 Oracle Sun Solaris CVE-2010-4440 Local Security Vulnerability\n45889 Oracle Solaris CVE-2010-4458 Local Solaris Vulnerability\n45890 Oracle Sun GlassFish and Message Queue CVE-2010-4438 Local Security Vulnerability\n45891 Oracle Solaris CVE-2010-4442 Local Kernel Vulnerability\n45892 Oracle Sun Solaris CVE-2010-4446 Local Security Vulnerability\n45893 Oracle Sun Solaris 10 CVE-2010-4433 Remote Security Vulnerability\n45895 Oracle Solaris CVE-2010-4460 Local Solaris Vulnerability\n45896 Oracle Sun Java System Communications Express CVE-2010-4456 Remote Web Mail Vulnerability\n45897 Oracle BI Publisher CVE-2010-4425 Remote Security Vulnerability\n45898 Oracle Sun Java System Portal Server CVE-2010-4431 Local Security Vulnerability\n45899 Oracle PeopleSoft CVE-2010-4434 Remote Enterprise PeopleTools Vulnerability\n45900 Oracle BI Publisher CVE-2010-4427 Remote Security Vulnerability\n45901 Oracle Outside In Technology CVE-2010-3597 Local Security Vulnerability\n45902 Oracle CVE-2010-3593 Remote Health Sciences - Oracle Argus Safety Vulnerability\n45903 Oracle Sun Solaris CVE-2010-3586 Local Security Vulnerability\n45904 Oracle Solaris CVE-2010-4415 Local \u0027libc\u0027 Vulnerability\n45905 Oracle Database Vault CVE-2010-4421 Remote Security Vulnerability", "sources": [ { "db": "BID", "id": "45804" } ], "trust": 0.3 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": 
"BID", "id": "45804", "trust": 0.3 } ], "sources": [ { "db": "BID", "id": "45804" } ] }, "id": "VAR-201101-0548", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.14024471466666666 }, "last_update_date": "2022-05-17T02:08:18.831000Z", "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" } ], "sources": [ { "db": "BID", "id": "45804" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "45804" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-01-13T00:00:00", "db": "BID", "id": "45804" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-01-19T15:31:00", "db": "BID", "id": "45804" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "45804" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RETIRED: Oracle January 2011 Critical Patch 
Update Multiple Vulnerabilities", "sources": [ { "db": "BID", "id": "45804" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "45804" } ], "trust": 0.3 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0260">var-200904-0260</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0983 and CVE-2009-3407. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. 
The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. 
References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> &lt;http://www.us-cert.gov/cas/techalerts/TA09-105A.html&gt; </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> &lt;http://www.us-cert.gov/legal.html&gt; </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . 
----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. 
* Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0260" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0260"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0260">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0260", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1.4.2.0" }, { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.2.3" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", 
"version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": 
"8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": 
"eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001242" }, { 
"db": "NVD", "id": "CVE-2009-0974" }, { "db": "CNNVD", "id": "CNNVD-200904-293" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0974" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-293" } ], "trust": 0.6 }, "cve": "CVE-2009-0974", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, 
"impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-0974", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0974", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-293", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001242" }, { "db": "NVD", "id": "CVE-2009-0974" }, { "db": "CNNVD", "id": "CNNVD-200904-293" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0983 and CVE-2009-3407. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0974" }, { "db": "JVNDB", "id": "JVNDB-2009-001242" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0974", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "OSVDB", "id": "53751", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001242", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200904-293", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001242" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0974" }, { "db": "CNNVD", "id": "CNNVD-200904-293" } ] }, "id": "VAR-200904-0260", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:19:43.985000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" }, { "title": "Oracle Application Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156681" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001242" }, { "db": "CNNVD", "id": "CNNVD-200904-293" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0974" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53751" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 
1.6, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0974" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0974" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.7, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": 
"http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001242" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0974" }, { "db": "CNNVD", "id": "CNNVD-200904-293" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001242" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0974" }, { "db": "CNNVD", "id": "CNNVD-200904-293" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001242" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.343000", "db": "NVD", "id": "CVE-2009-0974" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-293" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001242" }, { "date": "2021-07-13T19:05:28.347000", "db": "NVD", "id": "CVE-2009-0974" }, { "date": "2021-07-14T00:00:00", "db": "CNNVD", 
"id": "CNNVD-200904-293" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-293" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of Portal Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001242" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-293" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1786">var-202003-1786</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). FasterXML jackson-databind contains a deserialization-of-untrusted-data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. 
Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:</p> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes</p> <ol> <li>Description:</li> </ol> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. 
</p> <p>This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:</p> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. </p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)</p> </li> <li> <p>jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
</p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1786" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202003-1786"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1786">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, 
"exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1786", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail 
xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": 
"netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11112" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" } ], "trust": 1.3 }, "cve": "CVE-2020-11112", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003616", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163658", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-11112", "impactScore": 6.4, "integrityImpact": "PARTIAL", 
"obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003616", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11112", "trust": 1.0, "value": "HIGH" }, { "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-11112", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003616", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202003-1736", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163658", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-11112", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "db": "NVD", "id": "CVE-2020-11112" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. 
Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. 
\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11112", "trust": 3.3 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "160601", "trust": 
0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003616", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1736", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157322", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1399", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4471", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48043", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.2 }, { "db": "CNVD", "id": "CNVD-2020-21475", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163658", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-11112", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "id": "VAR-202003-1786", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163658" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:00:14.087000Z", "patch": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (apache/commons-proxy, CVE-2020-11112) #2666", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2666" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115370" }, { "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 1.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2666" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11112" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": 
"https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-apache-commons-proxy-rmiprovider-serialization-gadgets-typing-32064" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": 
"http://www.nsfocus.net/vulndb/48043" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.4, "url": 
"https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:5625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/palindromelabs/java-deserialization-cves" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3196" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2020:1414" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2020:2333" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1732" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": 
"https://access.redhat.com/articles/11258" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163658" }, { "db": "VULMON", "id": "CVE-2020-11112" }, { "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "db": "PACKETSTORM", "id": "158650" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "db": "NVD", "id": "CVE-2020-11112" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-31T00:00:00", "db": "VULHUB", "id": "VHN-163658" }, { "date": "2020-03-31T00:00:00", "db": "VULMON", "id": "CVE-2020-11112" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "date": "2020-07-29T17:52:58", "db": "PACKETSTORM", "id": "158650" }, { "date": "2020-12-17T18:09:37", "db": "PACKETSTORM", "id": "160601" }, { "date": "2020-05-28T16:22:46", "db": "PACKETSTORM", "id": "157859" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": 
"158636" }, { "date": "2020-04-21T14:19:58", "db": "PACKETSTORM", "id": "157322" }, { "date": "2020-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "date": "2020-03-31T05:15:13.070000", "db": "NVD", "id": "CVE-2020-11112" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-10T00:00:00", "db": "VULHUB", "id": "VHN-163658" }, { "date": "2021-12-10T00:00:00", "db": "VULMON", "id": "CVE-2020-11112" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003616" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1736" }, { "date": "2024-07-03T01:36:11.610000", "db": "NVD", "id": "CVE-2020-11112" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1736" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003616" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1736" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0417">var-200904-0417</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" 
target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. 
If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. 
</p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. 
</p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0417" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-200904-0417"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0417">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0417", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, 
"vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, 
"vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems 
weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", 
"id": "JVNDB-2009-001245" }, { "db": "NVD", "id": "CVE-2009-0996" }, { "db": "CNNVD", "id": "CNNVD-200904-314" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0996" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-314" } ], "trust": 0.6 }, "cve": "CVE-2009-0996", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0996", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0996", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-314", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001245" }, { "db": "NVD", "id": "CVE-2009-0996" }, { "db": "CNNVD", "id": "CNNVD-200904-314" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0996" }, { "db": "JVNDB", "id": "JVNDB-2009-001245" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0996", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "OSVDB", "id": "53745", "trust": 2.4 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001245", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200904-314", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001245" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0996" }, { "db": "CNNVD", "id": "CNNVD-200904-314" } ] }, "id": "VAR-200904-0417", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T10:43:42.792000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" }, { "title": "Oracle Application Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158168" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001245" }, { "db": "CNNVD", "id": "CNNVD-200904-314" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0996" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53745" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 
1.6, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0996" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0996" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.7, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": 
"http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001245" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0996" }, { "db": "CNNVD", "id": "CNNVD-200904-314" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001245" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0996" }, { "db": "CNNVD", "id": "CNNVD-200904-314" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001245" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.733000", "db": "NVD", "id": "CVE-2009-0996" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-314" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001245" }, { "date": "2021-07-28T18:41:11.857000", "db": "NVD", "id": "CVE-2009-0996" }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", 
"id": "CNNVD-200904-314" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-314" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of BI Publisher Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001245" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-314" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201607-0661">var-201607-0661</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. 
The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle 
Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'IPMI' protocol. The 'IPMI' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. 
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201607-0661" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201607-0661"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201607-0661">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0661", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.1" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.0" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "webcenter sites", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.8" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3.5" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.2.12" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.1.16" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.5.4" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.4.41" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "1.10.0.6.27" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.5" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.7" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.6" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "6.3" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "sun network qdr infiniband gateway switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2" }, { "model": "sun data center infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "362.2.2" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"11.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "siebel applications ip2016", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2015", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2014", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail 
service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "14.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "12.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "primavera contract management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.16.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "10.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.2" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1" }, { "model": "outside in 
technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.48" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.47" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.46" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.45" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.42" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.41" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.40" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql server", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.44" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.43" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.49" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8.1" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.7" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.6" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.5" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "jrockit r28.3.10", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.30" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.24.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.2" }, { "model": "in-memory policy analytics", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "http server 11g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "healthcare analytics data integration", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0.0.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2.8.3" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.1.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.23.0" }, { "model": "fusion 
middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.22.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.10" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.8" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.6" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.5" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.4" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "2290" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.3" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "enterprise manager base 
platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.3" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "documaker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "211.2.0.4" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.0" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9" }, { "model": "communications operations monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.530.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.529.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5.33.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "7.0.5" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "communications eagle application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.1.0.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.5.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.1" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "2.3.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.3.00.08" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "application express", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.43" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.0.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.8" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "db2", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" } ], "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92014" }, { "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "db": "NVD", "id": "CVE-2016-5453" }, { "db": "CNNVD", "id": "CNNVD-201607-817" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5453" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92014" } ], "trust": 0.6 }, "cve": "CVE-2016-5453", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-5453", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": 
"NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-94272", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-5453", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-5453", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201607-817", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-94272", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-5453", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-94272" }, { "db": "VULMON", "id": "CVE-2016-5453" }, { "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "db": "NVD", "id": "CVE-2016-5453" }, { "db": "CNNVD", "id": "CNNVD-201607-817" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified 
vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master 
Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027IPMI\u0027 protocol. The \u0027IPMI\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. 
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation", "sources": [ { "db": "NVD", "id": "CVE-2016-5453" }, { "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92014" }, { "db": "VULHUB", "id": "VHN-94272" }, { "db": "VULMON", "id": "CVE-2016-5453" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-5453", "trust": 2.9 }, { "db": "BID", "id": "91787", "trust": 1.5 }, { "db": "BID", "id": "92014", "trust": 1.5 }, { "db": "SECTRACK", "id": "1036408", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-003879", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201607-817", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-94272", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-5453", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-94272" }, { "db": "VULMON", "id": "CVE-2016-5453" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92014" }, { "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "db": "NVD", "id": "CVE-2016-5453" }, { "db": "CNNVD", "id": "CNNVD-201607-817" } ] }, "id": "VAR-201607-0661", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-94272" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:50:39.895000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63177" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-5453" }, { "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "db": "CNNVD", "id": "CNNVD-201607-817" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-5453" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/92014" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1036408" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5453" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5453" }, { 
"trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx216642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152" } ], "sources": [ { "db": "VULHUB", "id": "VHN-94272" }, { "db": "VULMON", "id": "CVE-2016-5453" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92014" }, { "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "db": "NVD", "id": "CVE-2016-5453" }, { "db": "CNNVD", "id": "CNNVD-201607-817" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-94272" }, { "db": "VULMON", "id": "CVE-2016-5453" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92014" }, { "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "db": "NVD", "id": "CVE-2016-5453" }, { "db": "CNNVD", "id": "CNNVD-201607-817" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-21T00:00:00", "db": "VULHUB", "id": "VHN-94272" }, { "date": "2016-07-21T00:00:00", "db": "VULMON", "id": "CVE-2016-5453" }, { "date": "2016-07-15T00:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "92014" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "date": "2016-07-21T10:15:09.397000", "db": "NVD", "id": "CVE-2016-5453" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-817" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-01T00:00:00", "db": "VULHUB", "id": "VHN-94272" }, { "date": "2017-09-01T00:00:00", "db": "VULMON", "id": "CVE-2016-5453" }, { "date": "2018-10-15T09:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "92014" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003879" }, { "date": "2017-09-01T01:29:29.787000", "db": "NVD", "id": "CVE-2016-5453" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-817" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92014" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Sun Systems Products Suite of ILOM In IPMI Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003879" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "92014" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201711-0007">var-201711-0007</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the 
TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. Successful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7 Advisory ID: RHSA-2017:1413-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2017:1413 Issue date: 2017-06-07 CVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-6304 CVE-2016-7056 CVE-2016-8610 CVE-2016-8740 CVE-2016-8743 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update is now available for Red Hat JBoss Core Services on RHEL 7. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. 
This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. </p> <p>This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References. </p> <p>Security Fix(es):</p> <ul> <li> <p>A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)</p> </li> <li> <p>It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736)</p> </li> <li> <p>It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-2161)</p> </li> <li> <p>A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)</p> </li> <li> <p>A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)</p> </li> <li> <p>It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. 
(CVE-2016-8743)</p> </li> <li> <p>A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)</p> </li> </ul> <p>Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <p>For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically. </p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss Core Services on RHEL 7 Server:</p> <p>Source: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm</p> 
<p>noarch: jbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el7.noarch.rpm</p> <p>ppc64: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.ppc64.rpm</p> <p>x86_64: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm 
jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2016-0736 https://access.redhat.com/security/cve/CVE-2016-2161 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-7056 https://access.redhat.com/security/cve/CVE-2016-8610 https://access.redhat.com/security/cve/CVE-2016-8740 https://access.redhat.com/security/cve/CVE-2016-8743 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en/red-hat-jboss-core-services/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iD8DBQFZOEFDXlSAg2UNWIIRAkmJAJ4vtOF2J+v5N45Dg4fckgqFa+L96wCfVBp2 JFT0GtD56HPD72nOXhIXyG8= =7n2G -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:</p> <p>OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. </p> <p>Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. 
This could lead to invalid responses or information disclosure. (CVE-2017-5647)</p> <ul> <li>A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution:</li> </ul> <p>Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). </p> <p>The References section of this erratum contains a download link (you must log in to download the update). </p> <p>This release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update to take effect. (CVE-2016-6304)</p> <ul> <li> <p>It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. (CVE-2016-8610)</p> </li> <li> <p>Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. =========================================================================== Ubuntu Security Notice USN-3181-1 January 31, 2017</p> </li> </ul> <h1>openssl vulnerabilities</h1> <p>A security issue affects these releases of Ubuntu and its derivatives:</p> <ul> <li>Ubuntu 16.10</li> <li>Ubuntu 16.04 LTS</li> <li>Ubuntu 14.04 LTS</li> <li>Ubuntu 12.04 LTS</li> </ul> <p>Summary:</p> <p>Several security issues were fixed in OpenSSL. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177)</p> <p>It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. 
(CVE-2016-7056)</p> <p>Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. (CVE-2016-8610)</p> <p>Robert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain truncated packets. (CVE-2017-3731)</p> <p>It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732)</p> <p>Update instructions:</p> <p>The problem can be corrected by updating your system to the following package versions:</p> <p>Ubuntu 16.10: libssl1.0.0 1.0.2g-1ubuntu9.1</p> <p>Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.6</p> <p>Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.22</p> <p>Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.39</p> <p>After a standard system update you need to reboot your computer to make all the necessary changes</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201711-0007" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-201711-0007"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201711-0007">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": 
"https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0007", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 2.4, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 2.4, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.8, "vendor": "openssl", "version": "1.1.0" }, { "model": "pan-os", "scope": "gte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.1.0" }, { "model": "m10-1", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "m10-4", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "m12-2", "scope": "lt", "trust": 1.0, "vendor": 
"fujitsu", "version": "xcp2361" }, { "model": "m12-2", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "communications analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18c" }, { "model": "m10-1", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "e-series santricity os controller", "scope": "lte", "trust": 1.0, "vendor": "netapp", "version": "11.40" }, { "model": "communications ip service activator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.4" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "communications ip service activator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "cn1610", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0.4" }, { "model": "jboss enterprise application platform", "scope": 
"eq", "trust": 1.0, "vendor": "redhat", "version": "6.0.0" }, { "model": "pan-os", "scope": "lte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.0.15" }, { "model": "m12-1", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "oncommand balance", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m12-1", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "m12-1", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "m12-2s", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "m12-2s", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "m10-4", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "m10-4", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "timesten in-memory database", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.4.1.0" }, { "model": "host agent", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m12-2s", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "service processor", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m10-1", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { 
"model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19c" }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "pan-os", "scope": "lte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "6.1.17" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "ontap select deploy", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m12-2", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.2.1.0" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "e-series santricity os controller", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "11.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "data ontap edge", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m10-4s", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "m10-4s", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.56" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "m10-4s", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "snapcenter 
server", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "storagegrid webscale", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.4.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "pan-os", "scope": "lte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.1.10" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "adaptive access manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.3.0" }, { "model": "pan-os", "scope": "gte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "snapdrive", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2 to 1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2d" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "jboss core services on rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "70" }, { "model": "jboss core services on rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "pan-os", "scope": "eq", "trust": 
0.3, "vendor": "paloaltonetworks", "version": "7.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.15" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.14" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.13" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.12" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.11" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.10" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.8" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.7" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { 
"model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { 
"model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": 
"1.0.1" }, { "model": "project openssl 0.9.8zh", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zg", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zf", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": 
"openssl", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.4" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.3" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.8.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.6.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.6.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, 
"vendor": "ibm", "version": "5.3.10.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, 
{ "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.10" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.12" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.11" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "datapower gateways", 
"scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.12" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.11" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "pan-os", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.16" }, { "model": "project openssl 1.1.0b", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2j", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:direct for unix 4.1.0.4.ifix085", "scope": "ne", "trust": 0.3, "vendor": "ibm", 
"version": null }, { "model": "netezza host management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.4.9.0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.2" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.4" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.11" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.14" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" } ], "sources": [ { "db": "BID", "id": "93841" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.2h", "versionStartIncluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8610" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shi Lei from Gear Team, Qihoo 360 Inc.", "sources": [ { "db": "BID", "id": "93841" }, { "db": "CNNVD", "id": "CNNVD-201610-726" } ], "trust": 0.9 }, "cve": "CVE-2016-8610", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", 
"exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-8610", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-97430", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-8610", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, 
"userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8610", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201610-726", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-97430", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-8610", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to a denial-of-service vulnerability. \nSuccessful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. OpenSSL supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. 
\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7\nAdvisory ID: RHSA-2017:1413-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1413\nIssue date: 2017-06-07\nCVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-6304 \n CVE-2016-7056 CVE-2016-8610 CVE-2016-8740 \n CVE-2016-8743 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services on RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes, which are documented in\nthe Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. 
A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious\nuser with local access to recover ECDSA P-256 private keys. \n(CVE-2016-7056)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol\ndefined processing of ALERT packets during a connection handshake. A remote\nattacker could use this flaw to make a TLS/SSL server consume an excessive\namount of CPU and fail to accept connections from other clients. \n(CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. An attacker\ncould send crafted requests with headers larger than the server\u0027s available\nmemory, causing httpd to crash. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. \nUpstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original\nreporter of CVE-2016-6304. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. 
After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openss
l-libs-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0736\nhttps://access.redhat.com/security/cve/CVE-2016-2161\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-7056\nhttps://access.redhat.com/security/cve/CVE-2016-8610\nhttps://access.redhat.com/security/cve/CVE-2016-8740\nhttps://access.redhat.com/security/cve/CVE-2016-8743\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en/red-hat-jboss-core-services/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZOEFDXlSAg2UNWIIRAkmJAJ4vtOF2J+v5N45Dg4fckgqFa+L96wCfVBp2\nJFT0GtD56HPD72nOXhIXyG8=\n=7n2G\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes document\nlinked to in the References. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThis release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update\nto take effect. (CVE-2016-6304)\n\n* It was discovered that OpenSSL did not always use constant time\noperations when computing Digital Signature Algorithm (DSA) signatures. \n(CVE-2016-8610)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. 
\n===========================================================================\nUbuntu Security Notice USN-3181-1\nJanuary 31, 2017\n\nopenssl vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This\nissue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other\nreleases were fixed in a previous security update. (CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2016-7056)\n\nShi Lei discovered that OpenSSL incorrectly handled certain warning alerts. (CVE-2016-8610)\n\nRobert \u015awi\u0119cki discovered that OpenSSL incorrectly handled certain\ntruncated packets. (CVE-2017-3731)\n\nIt was discovered that OpenSSL incorrectly performed the x86_64 Montgomery\nsquaring procedure. This issue only applied to Ubuntu 16.04\nLTS, and Ubuntu 16.10. 
(CVE-2017-3732)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n libssl1.0.0 1.0.2g-1ubuntu9.1\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.6\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.22\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.39\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2016-8610" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "BID", "id": "93841" }, { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "142847" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143873" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140850" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8610", "trust": 4.4 }, { "db": "BID", "id": "93841", "trust": 2.1 }, { "db": "SECTRACK", "id": "1037084", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-008860", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201610-726", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2173", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "141173", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141752", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-92490", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-97430", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-8610", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142848", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143874", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142847", "trust": 0.1 }, { "db": "PACKETSTORM", 
"id": "143176", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143873", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140850", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "BID", "id": "93841" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "142847" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143873" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "id": "VAR-201711-0007", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-97430" } ], "trust": 0.35113123999999996 }, "last_update_date": "2024-07-23T21:57:50.988000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Don\u0027t\u00a0allow\u00a0too\u00a0many\u00a0consecutive\u00a0warning\u00a0alerts Red hat Red\u00a0Hat\u00a0Bugzilla", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { "title": "OpenSSL Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=65089" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170286 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise 
Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory" }, { "title": "Red Hat: Moderate: gnutls security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170574 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171414 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171415 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171413 - security advisory" }, { "title": "Debian Security Advisories: DSA-3773-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f660812dd6a423f7e72aa57751d0031" }, { "title": "Red Hat: CVE-2016-8610", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-8610" }, { "title": "Amazon Linux AMI: ALAS-2017-803", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-803" }, { "title": "Ubuntu Security Notice: gnutls26 vulnerability", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3183-2" }, { "title": "Ubuntu Security Notice: gnutls26, gnutls28 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3183-1" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171801 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171802 - security advisory" }, { "title": "Amazon Linux AMI: ALAS-2017-815", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-815" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ecbe5f193404d1e9c62e8323118ae6cf" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=04299a624c15ae57f9f110f484bc5f66" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7" }, { "title": "Oracle VM Server for x86 
Bulletins: Oracle VM Server for x86 Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=bf8deceb640f4a0fee008855afe6aa85" }, { "title": "CVE-2016-8610-PoC", "trust": 0.1, "url": "https://github.com/cujanovic/cve-2016-8610-poc " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "CNNVD", "id": "CNNVD-201610-726" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-399", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/93841" }, { "trust": 2.1, "url": "http://seclists.org/oss-sec/2016/q4/224" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2017:1413" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2017:1658" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2017:2493" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2017:2494" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1037084" }, { "trust": 1.8, "url": "https://www.debian.org/security/2017/dsa-3773" }, { "trust": 1.8, "url": 
"https://security.freebsd.org/advisories/freebsd-sa-16:35.openssl.asc" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2017-0286.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2017-0574.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1414" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1801" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1802" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2016-8610" }, { "trust": 1.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { "trust": 1.8, "url": "https://security.360.cn/cve/cve-2016-8610/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20171130-0001/" }, { "trust": 1.8, "url": "https://security.paloaltonetworks.com/cve-2016-8610" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03897en_us" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610" }, { "trust": 0.9, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { "trust": 0.9, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/87" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2016-8610" }, { "trust": 0.6, "url": 
"https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2173/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory22.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994867" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996760" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21997209" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0736" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8743" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-7056" }, { "trust": 0.2, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2161" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-5664" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-5647" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/3155411" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.2, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03897en_us" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://github.com/cujanovic/cve-2016-8610-poc" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49575" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3183-2/" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.2" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-3181-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732" } ], "sources": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "BID", "id": "93841" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "142847" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143873" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "BID", "id": "93841" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "142847" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143873" }, { "db": "PACKETSTORM", "id": "143181" }, 
{ "db": "PACKETSTORM", "id": "140850" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-13T00:00:00", "db": "VULHUB", "id": "VHN-97430" }, { "date": "2017-11-13T00:00:00", "db": "VULMON", "id": "CVE-2016-8610" }, { "date": "2016-10-24T00:00:00", "db": "BID", "id": "93841" }, { "date": "2017-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "date": "2017-06-07T22:47:57", "db": "PACKETSTORM", "id": "142848" }, { "date": "2017-08-22T05:29:02", "db": "PACKETSTORM", "id": "143874" }, { "date": "2017-06-07T22:47:43", "db": "PACKETSTORM", "id": "142847" }, { "date": "2017-06-28T22:12:00", "db": "PACKETSTORM", "id": "143176" }, { "date": "2017-08-22T05:28:16", "db": "PACKETSTORM", "id": "143873" }, { "date": "2017-06-28T22:37:00", "db": "PACKETSTORM", "id": "143181" }, { "date": "2017-02-01T00:36:45", "db": "PACKETSTORM", "id": "140850" }, { "date": "2016-10-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-726" }, { "date": "2017-11-13T22:29:00.203000", "db": "NVD", "id": "CVE-2016-8610" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-12T00:00:00", "db": "VULHUB", "id": "VHN-97430" }, { "date": "2023-02-12T00:00:00", "db": "VULMON", "id": "CVE-2016-8610" }, { "date": "2017-08-22T08:11:00", "db": "BID", "id": "93841" }, { "date": "2024-02-27T03:18:00", "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "date": "2023-02-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-726" }, { "date": "2024-01-26T17:44:24.227000", "db": "NVD", "id": "CVE-2016-8610" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "140850" }, { "db": "CNNVD", "id": "CNNVD-201610-726" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008860" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201610-726" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201805-1190">var-201805-1190</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. Pivotal Software Spring Security is a security framework from the American company Pivotal Software that provides declarative security protection for Spring-based applications. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Important: Red Hat Fuse 7.4.0 security update Advisory ID: RHSA-2019:2413-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2019:2413 Issue date: 2019-08-08 CVE Names: CVE-2016-10750 CVE-2018-1258 CVE-2018-1320 CVE-2018-8088 CVE-2018-10899 CVE-2018-15758 CVE-2019-0192 CVE-2019-3805 ==================================================================== 1. Summary:</p> <p>A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)</p> </li> <li> <p>slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)</p> </li> <li> <p>jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)</p> </li> <li> <p>spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)</p> </li> <li> <p>solr: remote code execution due to unsafe deserialization (CVE-2019-0192)</p> </li> <li> <p>thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)</p> </li> <li> <p>spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)</p> </li> <li> <p>wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. 
</p> <p>Installation instructions are available from the Fuse 7.4.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1578582 - CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security 1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution 1643048 - CVE-2018-15758 spring-security-oauth: Privilege escalation by manipulating saved authorization request 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1667204 - CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class 1692345 - CVE-2019-0192 solr: remote code execution due to unsafe deserialization 1713215 - CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2016-10750 https://access.redhat.com/security/cve/CVE-2018-1258 https://access.redhat.com/security/cve/CVE-2018-1320 https://access.redhat.com/security/cve/CVE-2018-8088 https://access.redhat.com/security/cve/CVE-2018-10899 https://access.redhat.com/security/cve/CVE-2018-15758 https://access.redhat.com/security/cve/CVE-2019-0192 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. 
More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXUv0xNzjgjWX9erEAQhCzRAAjdpuIeE+WhWxaZpzsfh333p6RXGKoB8g 4BGVD7yZjSNoPmRzkSuaNUTT0wYZdRLSNeYK1FvxqZlTBesHbe3IV80gDNiV2vad VzwNYukUoa6s8hdzKY/zCKwhuZ5cWkk+FLjFAPEfZt2Typ3kyYPnK/RxNnzfeSgc 90xh60LImUIJK/hGyOL40z8pGFbG404TJbdezYnQt0/l0NBGxPqBGOHnIgpZhAgw gNMEglpIrxap4UzwSEzA5tmjRUDHeUBpsUpKsez5XL2ECssqrRyK8Hj/KeacnARF Mnvf4U/lIOamD6Tles8IAFo/kexW+OxKiHbivOFutraLdEXysgkK8Uf5EQqYKW9+ 7OgEuyMxUi5Pbj4kL666iBp5oV95gEHm2zcQEbn65BFJ3nomb5nReHh5t7G0AqHy GYj9dlx84+UG0Fr717Vi586KwtCu6rgdZJS25+0kSCeZk/cowYLW09G+j/+Jk3yg N/uUfoxqmC/A+SyupFh1A9XZg7oZhkB+Qwo6D2+BejiwXsD8Jv4uzrI7U7+Lg/YK UFa2oqArMKNrF0zf9152lqCEpOL8dCO3X8RcB8LmQcapmr1MYGB+18oNT4o3JcY3 Aa1hoi5+2gGgR7HHuqTsxnDXYPtgqR9CMylc5gmYsMFK5W3sNX8Z/qazoH3fIVtu NNAto03aZgE=rpUB -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201805-1190" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201805-1190"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201805-1190">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": 
"https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1190", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "weblogic server", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.2.1.3" }, { "model": "weblogic server", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "14.1.2" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "16.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail financial integration", "scope": "eq", 
"trust": 1.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "16.0" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "16.0" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "14.1" }, { "model": "micros lucas", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "2.9.5" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "10.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "10.0" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "10.2" }, { "model": "hospitality guest access", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "4.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "3.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "3.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.3.3" }, { "model": "application testing suite", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "application testing suite", "scope": 
"eq", "trust": 1.3, "vendor": "oracle", "version": "13.2.0.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "13.1.0.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.5.0.3" }, { "model": "agile plm", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "9.3.3" }, { "model": "agile plm", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "9.3.6" }, { "model": "agile plm", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.2.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications performance intelligence center", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "10.2.1" }, { "model": "retail central office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.1" }, { "model": "big data discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "spring security", "scope": "eq", "trust": 1.0, "vendor": "pivotal", "version": "*" }, { "model": "communications services gatekeeper", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "6.1.0.4.0" }, { "model": "endeca information discovery integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" }, { "model": "service architecture leveraging tuxedo", "scope": "eq", "trust": 1.0, 
"vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "communications converged application server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.0.0.1" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "retail point-of-service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.2" }, { "model": "spring framework", "scope": "eq", "trust": 1.0, "vendor": "vmware", "version": "5.0.5" }, { "model": "retail point-of-service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "storage automation store", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.2.8191" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0" }, { "model": "oncommand unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.4" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0" }, { "model": "communications diameter signaling router", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "8.3" }, { "model": "oncommand unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "10.1.1" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "hospitality guest access", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.2.0" }, { "model": "peoplesoft enterprise fin install", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "tape library acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "enterprise repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "communications network integrity", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.3.6" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0" }, { "model": "enterprise repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.1.1" }, { "model": "enterprise manager for mysql database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2" }, { "model": "service architecture leveraging tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1" }, { "model": "fuse", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3.0" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "communications network integrity", "scope": "gte", 
"trust": 1.0, "vendor": "oracle", "version": "7.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0" }, { "model": "endeca information discovery integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.1.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "spring framework", "scope": "lt", "trust": 0.8, "vendor": "pivotal", "version": "5.0.6" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.2.8" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.2.7" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.2.5" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.2.9" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.1" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.4" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.2" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.2.4" }, { "model": "spring security", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "0" }, { "model": "spring framework 5.0.5.release", "scope": null, "trust": 0.3, "vendor": "pivotal", "version": null }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0.1" }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0.3.100" }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1.3.37" }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0.3.26" }, { "model": "primavera gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "17.12" }, { "model": "primavera gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.2" }, { "model": "primavera gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0.2.8191" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.6.5281" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.4.9.4237" }, { "model": "hospitality guest access", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "flexcube private banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.21" }, { "model": "flexcube private banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.0.0" }, { "model": "flexcube private banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.0" }, { "model": "flexcube private banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"12.0.3.0" }, { "model": "flexcube private banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3.0.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "endeca information discovery integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "endeca information discovery integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.4" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.4" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.2" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "communications performance intelligence center software", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2" }, { "model": "communications performance intelligence center software", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5.1" }, { "model": "communications performance intelligence center", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.1.5" }, { "model": "communications performance intelligence center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1" }, { "model": "communications performance intelligence center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.3" }, { "model": "communications performance intelligence center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.1" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0.2" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.6" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "spring framework 5.0.6.release", "scope": "ne", "trust": 0.3, "vendor": "pivotal", "version": null }, { "model": "communications services gatekeeper", "scope": "ne", "trust": 0.3, "vendor": "oracle", 
"version": "6.1.0.4.0" }, { "model": "communications performance intelligence center software", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "10.2.1" }, { "model": "communications diameter signaling router", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.3" } ], "sources": [ { "db": "BID", "id": "104222" }, { "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "db": "NVD", "id": "CVE-2018-1258" }, { "db": "CNNVD", "id": "CNNVD-201805-404" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.6", "versionStartIncluding": "7.3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.2.8191", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:fuse:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-1258" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat,Spring Security Team.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-404" } ], "trust": 0.6 }, "cve": "CVE-2018-1258", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, 
"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-1258", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-122553", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": 
"High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-1258", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-1258", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201805-404", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-122553", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-1258", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-122553" }, { "db": "VULMON", "id": "CVE-2018-1258" }, { "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "db": "NVD", "id": "CVE-2018-1258" }, { "db": "CNNVD", "id": "CNNVD-201805-404" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. Pivotal Software Spring Security is a set of security framework provided by American Pivotal Software Company to provide descriptive security protection for Spring-based applications. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Fuse 7.4.0 security update\nAdvisory ID: RHSA-2019:2413-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2413\nIssue date: 2019-08-08\nCVE Names: CVE-2016-10750 CVE-2018-1258 CVE-2018-1320\n CVE-2018-8088 CVE-2018-10899 CVE-2018-15758\n CVE-2019-0192 CVE-2019-3805\n====================================================================\n1. Summary:\n\nA minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nThis release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse\n7.3, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. 
\n\nSecurity Fix(es):\n\n* hazelcast: java deserialization in join cluster procedure leading to\nremote code execution (CVE-2016-10750)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow\nfor arbitrary code execution (CVE-2018-8088)\n\n* jolokia: system-wide CSRF that could lead to Remote Code Execution\n(CVE-2018-10899)\n\n* spring-security-oauth: Privilege escalation by manipulating saved\nauthorization request (CVE-2018-15758)\n\n* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)\n\n* thrift: SASL negotiation isComplete validation bypass in the\norg.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)\n\n* spring-security-core: Unauthorized Access with Spring Security Method\nSecurity (CVE-2018-1258)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.4.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution\n1578582 - CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security\n1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution\n1643048 - CVE-2018-15758 spring-security-oauth: Privilege escalation by manipulating saved authorization request\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1667204 - CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class\n1692345 - CVE-2019-0192 solr: remote code execution due to unsafe deserialization\n1713215 - CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10750\nhttps://access.redhat.com/security/cve/CVE-2018-1258\nhttps://access.redhat.com/security/cve/CVE-2018-1320\nhttps://access.redhat.com/security/cve/CVE-2018-8088\nhttps://access.redhat.com/security/cve/CVE-2018-10899\nhttps://access.redhat.com/security/cve/CVE-2018-15758\nhttps://access.redhat.com/security/cve/CVE-2019-0192\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.4.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUv0xNzjgjWX9erEAQhCzRAAjdpuIeE+WhWxaZpzsfh333p6RXGKoB8g\n4BGVD7yZjSNoPmRzkSuaNUTT0wYZdRLSNeYK1FvxqZlTBesHbe3IV80gDNiV2vad\nVzwNYukUoa6s8hdzKY/zCKwhuZ5cWkk+FLjFAPEfZt2Typ3kyYPnK/RxNnzfeSgc\n90xh60LImUIJK/hGyOL40z8pGFbG404TJbdezYnQt0/l0NBGxPqBGOHnIgpZhAgw\ngNMEglpIrxap4UzwSEzA5tmjRUDHeUBpsUpKsez5XL2ECssqrRyK8Hj/KeacnARF\nMnvf4U/lIOamD6Tles8IAFo/kexW+OxKiHbivOFutraLdEXysgkK8Uf5EQqYKW9+\n7OgEuyMxUi5Pbj4kL666iBp5oV95gEHm2zcQEbn65BFJ3nomb5nReHh5t7G0AqHy\nGYj9dlx84+UG0Fr717Vi586KwtCu6rgdZJS25+0kSCeZk/cowYLW09G+j/+Jk3yg\nN/uUfoxqmC/A+SyupFh1A9XZg7oZhkB+Qwo6D2+BejiwXsD8Jv4uzrI7U7+Lg/YK\nUFa2oqArMKNrF0zf9152lqCEpOL8dCO3X8RcB8LmQcapmr1MYGB+18oNT4o3JcY3\nAa1hoi5+2gGgR7HHuqTsxnDXYPtgqR9CMylc5gmYsMFK5W3sNX8Z/qazoH3fIVtu\nNNAto03aZgE=rpUB\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-1258" }, { "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "db": "BID", "id": "104222" }, { "db": "VULHUB", "id": "VHN-122553" }, { "db": "VULMON", "id": "CVE-2018-1258" }, { "db": "PACKETSTORM", "id": "153980" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1258", "trust": 3.0 }, { "db": "BID", "id": "104222", "trust": 2.1 }, { "db": "SECTRACK", "id": "1041896", "trust": 1.8 }, { "db": "SECTRACK", "id": "1041888", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005018", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-404", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "153980", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3040", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-122553", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-1258", 
"trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-122553" }, { "db": "VULMON", "id": "CVE-2018-1258" }, { "db": "BID", "id": "104222" }, { "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "db": "PACKETSTORM", "id": "153980" }, { "db": "NVD", "id": "CVE-2018-1258" }, { "db": "CNNVD", "id": "CNNVD-201805-404" } ] }, "id": "VAR-201805-1190", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-122553" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:33:07.574000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-1258: Unauthorized Access with Spring Security Method Security", "trust": 0.8, "url": "https://pivotal.io/security/cve-2018-1258" }, { "title": "Pivotal Spring Security and Spring Framework Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80031" }, { "title": "Red Hat: Important: Red Hat Fuse 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192413 - security advisory" }, { "title": "Red Hat: CVE-2018-1258", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1258" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle: Oracle Critical Patch 
Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "nvd_scrapper", "trust": 0.1, "url": "https://github.com/abhav/nvd_scrapper " }, { "title": "cybsec", "trust": 0.1, "url": "https://github.com/ilmari666/cybsec " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1258" }, { "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "db": "CNNVD", "id": "CNNVD-201805-404" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-863", "trust": 1.1 }, { "problemtype": "CWE-285", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-122553" }, { "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "db": "NVD", "id": "CVE-2018-1258" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.securityfocus.com/bid/104222" }, { "trust": 2.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:2413" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 2.1, "url": "https://pivotal.io/security/cve-2018-1258" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { 
"trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1041888" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1041896" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1258" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1258" }, { "trust": 0.6, "url": "http://pivotal.io/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/153980/red-hat-security-advisory-2019-2413-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3040/" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/863.html" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57883" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/abhav/nvd_scrapper" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.4.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1320" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10899" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10750" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, 
{ "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8088" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10899" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1320" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10750" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15758" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8088" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-15758" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805" } ], "sources": [ { "db": "VULHUB", "id": "VHN-122553" }, { "db": "VULMON", "id": "CVE-2018-1258" }, { "db": "BID", "id": "104222" }, { "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "db": "PACKETSTORM", "id": "153980" }, { "db": "NVD", "id": "CVE-2018-1258" }, { "db": "CNNVD", "id": "CNNVD-201805-404" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-122553" }, { "db": "VULMON", "id": "CVE-2018-1258" }, { "db": "BID", "id": "104222" }, { "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "db": "PACKETSTORM", "id": "153980" }, { "db": "NVD", "id": "CVE-2018-1258" }, { "db": "CNNVD", "id": "CNNVD-201805-404" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-11T00:00:00", 
"db": "VULHUB", "id": "VHN-122553" }, { "date": "2018-05-11T00:00:00", "db": "VULMON", "id": "CVE-2018-1258" }, { "date": "2018-05-09T00:00:00", "db": "BID", "id": "104222" }, { "date": "2018-07-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "date": "2019-08-08T14:34:03", "db": "PACKETSTORM", "id": "153980" }, { "date": "2018-05-11T20:29:00.260000", "db": "NVD", "id": "CVE-2018-1258" }, { "date": "2018-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-404" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-122553" }, { "date": "2022-04-11T00:00:00", "db": "VULMON", "id": "CVE-2018-1258" }, { "date": "2019-07-17T09:00:00", "db": "BID", "id": "104222" }, { "date": "2018-07-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005018" }, { "date": "2022-04-11T17:18:30.107000", "db": "NVD", "id": "CVE-2018-1258" }, { "date": "2021-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-404" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-404" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework Authorization vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005018" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-404" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> 
<br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202003-1777">var-202003-1777</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by the American company FasterXML. jackson-databind is one of its components and provides data binding. A code-issue vulnerability exists in org.aoju.bus.proxy.provider.remoting.RmiProvider in FasterXML jackson-databind 2.x versions before 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)</p> </li> <li> <p>cxf: does not restrict the number of message attachments (CVE-2019-12406)</p> </li> <li> <p>cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)</p> </li> <li> <p>hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)</p> </li> <li> <p>HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)</p> </li> <li> <p>HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)</p> </li> <li> <p>HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)</p> </li> <li> <p>HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)</p> </li> <li> <p>jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)</p> </li> <li> <p>jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)</p> </li> <li> <p>keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)</p> </li> <li> <p>keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)</p> </li> <li> <p>keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)</p> </li> <li> <p>keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)</p> </li> <li> <p>keycloak: cross-realm user access auth bypass (CVE-2019-14832)</p> </li> <li> <p>netty: HTTP 
Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)</p> </li> <li> <p>SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)</p> </li> <li> <p>thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)</p> </li> <li> <p>thrift: Endless loop when feed with specific input data (CVE-2019-0205)</p> </li> <li> <p>undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)</p> </li> <li> <p>wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)</p> </li> <li> <p>wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)</p> </li> <li> <p>xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)</p> </li> </ul> <p>For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update. </p> <p>NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:</p> <p>Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:</p> <p>This is a security update for JBoss EAP Continuous Delivery 19. 
JIRA issues fixed (https://issues.jboss.org/):</p> <p>JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes</p> <ol> <li>Description:</li> </ol> <p>Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. Description:</p> <p>Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. </p> <p>This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:</p> <p>To install this update, do the following:</p> <ol> <li>Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender</p> <ol> <li>The purpose of this text-only errata is to inform you about the security issues fixed in this release. </li> </ol> <p>Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch</p> <ol> <li>Description:</li> </ol> <p>The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)</p> </li> <li> <p>jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)</p> </li> <li> <p>jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):</p> <p>Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm</p> <p>noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202003-1777" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> <div class="btn-group" role="group"> <a role="button" class="btn btn-primary" data-bs-toggle="collapse" data-bs-target="#collapseJsonvar-202003-1777" aria-expanded="false" 
title="Copy to clipboard" aria-label="Copy to clipboard" onclick="copyToClipboard('var-202003-1777')" vuln-id="var-202003-1777" href="#">To clipboard</a> </div> <div class="collapse" id="collapseJsonvar-202003-1777"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202003-1777">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1777", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, 
"data": [ { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.0.15" }, { "model": "retail sales audit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.3" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "communications network charging and control", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.0.3" }, { "model": "primavera 
unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "global lifecycle management opatch", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1.20" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.4" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "financial services retail customer analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "8.0.6" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications network charging and control", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "communications contacts server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.5.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.4.2" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": "banking platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2.25" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.4.0" }, { "model": "banking platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.9.0" }, { "model": "banking digital experience", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "18.2" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "financial services price creation and discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications calendar server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.0" }, { "model": "financial services institutional performance analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.7" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "jackson-databind", "scope": "eq", "trust": 0.8, "vendor": "fasterxml", "version": "2.9.10.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, 
{ "cpe23Uri": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.4.2", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.0.1.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10968" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": 
"PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" } ], "trust": 1.3 }, "cve": "CVE-2020-10968", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003420", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-163499", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-10968", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003420", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10968", "trust": 1.0, "value": "HIGH" }, { "author": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2020-10968", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003420", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202003-1625", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163499", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-10968", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "db": "NVD", "id": "CVE-2020-10968" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). FasterXML jackson-databind contains a deserialization of untrusted data vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. There is a code problem vulnerability in org.aoju.bus.proxy.provider.remoting.RmiProvider in FasterXML jackson-databind 2.x version before 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. 
\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current 
threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - 
CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. 
\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10968", "trust": 3.3 }, { "db": "PACKETSTORM", "id": "159208", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "157322", "trust": 
0.8 }, { "db": "PACKETSTORM", "id": "160601", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-003420", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202003-1625", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159724", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157859", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1399", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2588", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4471", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3190", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1368", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3703", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1882", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48376", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-24033", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163499", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10968", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158636", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "id": "VAR-202003-1777", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, 
"sources": [ { "db": "VULHUB", "id": "VHN-163499" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:40:07.001000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Block one more gadget type (bus-proxy, CVE-2020-10968) #2662", "trust": 0.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2662" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115309" }, { "title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205625 - security advisory" }, { "title": "Red Hat: Important: rh-maven35-jackson-databind security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201523 - security advisory" }, { "title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203779 - security advisory" }, { "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202333 - security advisory" }, { "title": "Red Hat: Important: Satellite 6.8 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204366 - security advisory" }, { "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory" }, { "title": "IBM: Security 
Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070" }, { "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory" }, { "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory" }, { "title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203192 - security advisory" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "cubed", "trust": 0.1, "url": "https://github.com/yahoo/cubed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "JVNDB", "id": 
"JVNDB-2020-003420" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200403-0002/" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/2662" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html" }, { "trust": 1.0, "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10968" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": 
"https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1368/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3703/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2588/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-bus-proxy-rmiprovider-serialization-gadgets-typing-32061" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html" }, { "trust": 0.6, "url": 
"https://www.auscert.org.au/bulletins/esb-2020.1882/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4471/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3190/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1399/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48376" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { 
"trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16335" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16943" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17531" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14540" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17267" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14893" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-16942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14888" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14892" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1745" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:5625" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0210" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12419" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0205" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12400" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1757" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3875" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10219" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10201" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2020:1414" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2333" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=eap-cd\u0026downloadtype=securitypatches\u0026version=19" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid\u0026downloadtype=securitypatches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3831" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11797" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9827" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3797" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": 
"CNNVD-202003-1625" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163499" }, { "db": "VULMON", "id": "CVE-2020-10968" }, { "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "db": "PACKETSTORM", "id": "157741" }, { "db": "PACKETSTORM", "id": "160601" }, { "db": "PACKETSTORM", "id": "157859" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "159208" }, { "db": "PACKETSTORM", "id": "158636" }, { "db": "PACKETSTORM", "id": "157322" }, { "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "db": "NVD", "id": "CVE-2020-10968" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-26T00:00:00", "db": "VULHUB", "id": "VHN-163499" }, { "date": "2020-03-26T00:00:00", "db": "VULMON", "id": "CVE-2020-10968" }, { "date": "2020-04-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "date": "2020-05-18T16:42:53", "db": "PACKETSTORM", "id": "157741" }, { "date": "2020-12-17T18:09:37", "db": "PACKETSTORM", "id": "160601" }, { "date": "2020-05-28T16:22:46", "db": "PACKETSTORM", "id": "157859" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2020-09-17T14:07:40", "db": "PACKETSTORM", "id": "159208" }, { "date": "2020-07-29T00:05:59", "db": "PACKETSTORM", "id": "158636" }, { "date": "2020-04-21T14:19:58", "db": "PACKETSTORM", "id": "157322" }, { "date": "2020-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "date": "2020-03-26T13:15:12.970000", "db": "NVD", "id": "CVE-2020-10968" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-07T00:00:00", "db": "VULHUB", "id": "VHN-163499" }, { "date": "2021-12-07T00:00:00", "db": 
"VULMON", "id": "CVE-2020-10968" }, { "date": "2020-04-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003420" }, { "date": "2022-06-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1625" }, { "date": "2024-07-03T01:36:08.923000", "db": "NVD", "id": "CVE-2020-10968" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1625" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003420" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1625" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202009-1625">var-202009-1625</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against reflected file download (RFD) attacks from CVE-2015-5211 may be bypassed, depending on the browser used, through the use of a jsessionid path parameter. Spring Framework contains an unspecified vulnerability. Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. 
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The following products and versions are affected: 5.2.0 - 5.2.8, 5.1.0 to 5.1.17, 5.0.0 to 5.0.18, 4.3.0 to 4.3.28 and earlier unsupported versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Moderate: Red Hat Fuse 7.9.0 release and security update Advisory ID: RHSA-2021:3140-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2021:3140 Issue date: 2021-08-11 CVE Names: CVE-2017-5645 CVE-2017-18640 CVE-2019-12402 CVE-2019-14887 CVE-2019-16869 CVE-2019-20445 CVE-2020-1695 CVE-2020-1925 CVE-2020-1935 CVE-2020-1938 CVE-2020-5410 CVE-2020-5421 CVE-2020-6950 CVE-2020-9484 CVE-2020-10688 CVE-2020-10693 CVE-2020-10714 CVE-2020-10719 CVE-2020-11996 CVE-2020-13920 CVE-2020-13934 CVE-2020-13935 CVE-2020-13936 CVE-2020-13954 CVE-2020-13956 CVE-2020-14040 CVE-2020-14297 CVE-2020-14338 CVE-2020-14340 CVE-2020-17510 CVE-2020-17518 CVE-2020-25633 CVE-2020-25638 CVE-2020-25640 CVE-2020-25644 CVE-2020-26258 CVE-2020-26945 CVE-2020-27216 CVE-2020-28052 CVE-2021-27807 CVE-2021-27906 CVE-2021-28165 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. </p> <p>Red Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. </p> <p>Security Fix(es):</p> <ul> <li> <p>hawtio-osgi (CVE-2017-5645)</p> </li> <li> <p>prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)</p> </li> <li> <p>apache-commons-compress (CVE-2019-12402)</p> </li> <li> <p>karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)</p> </li> <li> <p>tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)</p> </li> <li> <p>spring-cloud-config-server (CVE-2020-5410)</p> </li> <li> <p>velocity (CVE-2020-13936)</p> </li> <li> <p>httpclient: apache-httpclient (CVE-2020-13956)</p> </li> <li> <p>shiro-core: shiro (CVE-2020-17510)</p> </li> <li> <p>hibernate-core (CVE-2020-25638)</p> </li> <li> <p>wildfly-openssl (CVE-2020-25644)</p> </li> <li> <p>jetty (CVE-2020-27216, CVE-2021-28165)</p> </li> <li> <p>bouncycastle (CVE-2020-28052)</p> </li> <li> <p>wildfly (CVE-2019-14887, CVE-2020-25640)</p> </li> <li> <p>resteasy-jaxrs: resteasy (CVE-2020-1695)</p> </li> <li> <p>camel-olingo4 (CVE-2020-1925)</p> </li> <li> <p>springframework (CVE-2020-5421)</p> </li> <li> <p>jsf-impl: Mojarra (CVE-2020-6950)</p> </li> <li> <p>resteasy (CVE-2020-10688)</p> </li> <li> <p>hibernate-validator (CVE-2020-10693)</p> </li> <li> <p>wildfly-elytron (CVE-2020-10714)</p> </li> <li> <p>undertow (CVE-2020-10719)</p> </li> <li> <p>activemq (CVE-2020-13920)</p> </li> <li> <p>cxf-core: cxf (CVE-2020-13954)</p> </li> <li> <p>fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)</p> </li> <li> <p>jboss-ejb-client: wildfly (CVE-2020-14297)</p> </li> <li> <p>xercesimpl: 
wildfly (CVE-2020-14338)</p> </li> <li> <p>xnio (CVE-2020-14340)</p> </li> <li> <p>flink: apache-flink (CVE-2020-17518)</p> </li> <li> <p>resteasy-client (CVE-2020-25633)</p> </li> <li> <p>xstream (CVE-2020-26258)</p> </li> <li> <p>mybatis (CVE-2020-26945)</p> </li> <li> <p>pdfbox (CVE-2021-27807, CVE-2021-27906)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the 
interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 
- CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2017-5645 https://access.redhat.com/security/cve/CVE-2017-18640 https://access.redhat.com/security/cve/CVE-2019-12402 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-16869 https://access.redhat.com/security/cve/CVE-2019-20445 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1925 https://access.redhat.com/security/cve/CVE-2020-1935 https://access.redhat.com/security/cve/CVE-2020-1938 https://access.redhat.com/security/cve/CVE-2020-5410 
https://access.redhat.com/security/cve/CVE-2020-5421 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/cve/CVE-2020-11996 https://access.redhat.com/security/cve/CVE-2020-13920 https://access.redhat.com/security/cve/CVE-2020-13934 https://access.redhat.com/security/cve/CVE-2020-13935 https://access.redhat.com/security/cve/CVE-2020-13936 https://access.redhat.com/security/cve/CVE-2020-13954 https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/cve/CVE-2020-14338 https://access.redhat.com/security/cve/CVE-2020-14340 https://access.redhat.com/security/cve/CVE-2020-17510 https://access.redhat.com/security/cve/CVE-2020-17518 https://access.redhat.com/security/cve/CVE-2020-25633 https://access.redhat.com/security/cve/CVE-2020-25638 https://access.redhat.com/security/cve/CVE-2020-25640 https://access.redhat.com/security/cve/CVE-2020-25644 https://access.redhat.com/security/cve/CVE-2020-26258 https://access.redhat.com/security/cve/CVE-2020-26945 https://access.redhat.com/security/cve/CVE-2020-27216 https://access.redhat.com/security/cve/CVE-2020-28052 https://access.redhat.com/security/cve/CVE-2021-27807 https://access.redhat.com/security/cve/CVE-2021-27906 https://access.redhat.com/security/cve/CVE-2021-28165 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.9.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is 
<a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYRQVh9zjgjWX9erEAQjAxg/+O0wRNyDejQCX7SWv2Lvo5YZVE9Azv+hd pWFbtNu1cruoiUWY2vqArIH8KmZXWYS/EDQCe4PfIB0wKZfx9dS7y19Ct4swE4Y2 3L0DRVp9YLoqZC3ndVIk3W+RSLEODc5S3IAi6twXlmiZlAwPJXDvcs7aeUAPGc0m 93Y3lZofrpaEnyEVdoUsz0M47mQQYxNJ1nPF9FuUDsOXUqiu18JS9DsuyWwONyKw dPCxfHf3ioI+ymsYjoO+fIcu3dR6lGryvsEFY3dnXePiLlp5NBrRW359K6EQGM/e f1PsXzVYrWMikmxpGaOM7KkoLPAcvtznd4G62ZGUODyAEUKLderr9M7zG88Eg2gG Ycw5D4UkJ+QZB/qHlQJHLrrzuPybGBXSdl2VLTF/m7YZSE9C2yW1ZatyahhdEP3T +MmzU6mnbuPCrYjwL/AgCGx3ap52+2eL5HvDzf7+5plY6MVpHZQb2iiIj6H58P6g ffxr6dGJdDtw5ovzls0Gor4sb69KJ+3xrRLg2C7cndd+3RJc8SCiCRUV9QE2IHTb H3cDXlNbYcqzDxQZNUUO13+GOEgXQLrIJokA3zNXzzYFr2tivmiWF6rKrJ6UnECl 86tpZfh4vcosv3nN6Cg9VAizrMm/84B4L3T4jm/mrN4SGg3CSJqa03r7ig3+oHFX H9jzBVxbmuk= =jp7z -----END PGP SIGNATURE-----</p> <p>-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202009-1625" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202009-1625"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202009-1625">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { 
"@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-1625", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.0" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "retail invoice matching", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", 
"trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0.2.5" }, { "model": "retail invoice matching", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "communications design studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.10" }, { "model": "fusion middleware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.1.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "storagetek tape analytics sw tool", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "endeca information discovery integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "communications design studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.4" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.1.0" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", 
"version": "19.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.1.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.1.0" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.2.9" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "enterprise data quality", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "retail customer engagement", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "hyperion infrastructure technology", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "financial services analytical applications infrastructure", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.6" }, { "model": 
"retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "communications brm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.0.9" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.9" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0.0" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.0.0" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.2.11" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.4" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.19" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, 
"vendor": "oracle", "version": "11.1.0" }, { "model": "communications brm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.0.19" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "4.3.29" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.2.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail customer engagement", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications design studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.22" }, { "model": "primavera p6 enterprise project portfolio management", 
"scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.2.20" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.21" }, { "model": "storagetek acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.5.1" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.1.18" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "financial services analytical applications infrastructure", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.2.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "retail bulk data integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "insurance rules palette", "scope": "eq", 
"trust": 1.0, "vendor": "oracle", "version": "10.2.4" }, { "model": "enterprise data quality", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "spring framework", "scope": null, "trust": 0.8, "vendor": "pivotal", "version": null }, { "model": "spring framework", "scope": "eq", "trust": 0.8, "vendor": "pivotal", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "db": "NVD", "id": "CVE-2020-5421" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.1.18", "versionStartIncluding": "5.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.9", "versionStartIncluding": "5.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.19", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.29", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.2.11", "versionStartIncluding": "16.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.9", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.22", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:10.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.2.20", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.19", "versionStartIncluding": "17.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.21", "versionStartIncluding": "18.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.10", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm:11.3.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_engagement:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-5421" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "163798" } ], "trust": 0.1 }, "cve": "CVE-2020-5421", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-5421", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-183546", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { 
"attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.3, "impactScore": 4.7, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "security@pivotal.io", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "impactScore": 5.8, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2020-5421", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-5421", "trust": 1.8, "value": "MEDIUM" }, { "author": "security@pivotal.io", "id": "CVE-2020-5421", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202009-1050", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-183546", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2020-5421", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-183546" }, { "db": "VULMON", "id": "CVE-2020-5421" }, { "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "db": 
"CNNVD", "id": "CNNVD-202009-1050" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2020-5421" }, { "db": "NVD", "id": "CVE-2020-5421" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. Spring Framework Contains an unspecified vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The following products and versions are affected: 5.2.0 - 5.2.8, 5.1.0 to 5.1.17, 5.0.0 to 5.0.18, 4.3.0 to 4.3.28 and earlier unsupported versions. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Fuse 7.9.0 release and security update\nAdvisory ID: RHSA-2021:3140-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3140\nIssue date: 2021-08-11\nCVE Names: CVE-2017-5645 CVE-2017-18640 CVE-2019-12402 \n CVE-2019-14887 CVE-2019-16869 CVE-2019-20445 \n CVE-2020-1695 CVE-2020-1925 CVE-2020-1935 \n CVE-2020-1938 CVE-2020-5410 CVE-2020-5421 \n CVE-2020-6950 CVE-2020-9484 CVE-2020-10688 \n CVE-2020-10693 CVE-2020-10714 CVE-2020-10719 \n CVE-2020-11996 CVE-2020-13920 CVE-2020-13934 \n CVE-2020-13935 CVE-2020-13936 CVE-2020-13954 \n CVE-2020-13956 CVE-2020-14040 CVE-2020-14297 \n CVE-2020-14338 CVE-2020-14340 CVE-2020-17510 \n CVE-2020-17518 CVE-2020-25633 CVE-2020-25638 \n CVE-2020-25640 CVE-2020-25644 CVE-2020-26258 \n CVE-2020-26945 CVE-2020-27216 CVE-2020-28052 \n CVE-2021-27807 CVE-2021-27906 CVE-2021-28165 \n=====================================================================\n\n1. Summary:\n\nA minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nThis release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse\n7.8, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. 
\n\nSecurity Fix(es):\n\n* hawtio-osgi (CVE-2017-5645)\n\n* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)\n\n* apache-commons-compress (CVE-2019-12402)\n\n* karaf-transaction-manager-narayana: netty (CVE-2019-16869,\nCVE-2019-20445)\n\n* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934,\nCVE-2020-13935, CVE-2020-11996)\n\n* spring-cloud-config-server (CVE-2020-5410)\n\n* velocity (CVE-2020-13936)\n\n* httpclient: apache-httpclient (CVE-2020-13956)\n\n* shiro-core: shiro (CVE-2020-17510)\n\n* hibernate-core (CVE-2020-25638)\n\n* wildfly-openssl (CVE-2020-25644)\n\n* jetty (CVE-2020-27216, CVE-2021-28165)\n\n* bouncycastle (CVE-2020-28052)\n\n* wildfly (CVE-2019-14887, CVE-2020-25640)\n\n* resteasy-jaxrs: resteasy (CVE-2020-1695)\n\n* camel-olingo4 (CVE-2020-1925)\n\n* springframework (CVE-2020-5421)\n\n* jsf-impl: Mojarra (CVE-2020-6950)\n\n* resteasy (CVE-2020-10688)\n\n* hibernate-validator (CVE-2020-10693)\n\n* wildfly-elytron (CVE-2020-10714)\n\n* undertow (CVE-2020-10719)\n\n* activemq (CVE-2020-13920)\n\n* cxf-core: cxf (CVE-2020-13954)\n\n* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)\n\n* jboss-ejb-client: wildfly (CVE-2020-14297)\n\n* xercesimpl: wildfly (CVE-2020-14338)\n\n* xnio (CVE-2020-14340)\n\n* flink: apache-flink (CVE-2020-17518)\n\n* resteasy-client (CVE-2020-25633)\n\n* xstream (CVE-2020-26258)\n\n* mybatis (CVE-2020-26945)\n\n* pdfbox (CVE-2021-27807, CVE-2021-27906)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers\n1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature\n1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability\n1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack\n1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS\n1853595 - CVE-2020-14297 wildfly: Some 
EJB transaction objects may get accumulated causing Denial of Service\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS\n1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS\n1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl\n1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS\n1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling\n1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack\n1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid\n1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used\n1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error\n1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs\n1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution\n1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability\n1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath\n1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1912881 - CVE-2020-28052 bouncycastle: password bypass in 
OpenBSDBCrypt.checkPassword utility possible\n1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API\n1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates\n1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file\n1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file\n1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-5645\nhttps://access.redhat.com/security/cve/CVE-2017-18640\nhttps://access.redhat.com/security/cve/CVE-2019-12402\nhttps://access.redhat.com/security/cve/CVE-2019-14887\nhttps://access.redhat.com/security/cve/CVE-2019-16869\nhttps://access.redhat.com/security/cve/CVE-2019-20445\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1925\nhttps://access.redhat.com/security/cve/CVE-2020-1935\nhttps://access.redhat.com/security/cve/CVE-2020-1938\nhttps://access.redhat.com/security/cve/CVE-2020-5410\nhttps://access.redhat.com/security/cve/CVE-2020-5421\nhttps://access.redhat.com/security/cve/CVE-2020-6950\nhttps://access.redhat.com/security/cve/CVE-2020-9484\nhttps://access.redhat.com/security/cve/CVE-2020-10688\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10719\nhttps://access.redhat.com/security/cve/CVE-2020-11996\nhttps://access.redhat.com/security/cve/CVE-2020-13920\nhttps://access.redhat.com/security/cve/CVE-2020-13934\nhttps://access.redhat.com/security/cve/CVE-2020-13935\nhttps://access.redhat.com/security/cve/CVE-2020-13936\nhttps://access.redhat.com/security/cve/CVE-2020-13954\nhttps://access.redhat.com/security/cve/CVE-2020-13956\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/secu
rity/cve/CVE-2020-14297\nhttps://access.redhat.com/security/cve/CVE-2020-14338\nhttps://access.redhat.com/security/cve/CVE-2020-14340\nhttps://access.redhat.com/security/cve/CVE-2020-17510\nhttps://access.redhat.com/security/cve/CVE-2020-17518\nhttps://access.redhat.com/security/cve/CVE-2020-25633\nhttps://access.redhat.com/security/cve/CVE-2020-25638\nhttps://access.redhat.com/security/cve/CVE-2020-25640\nhttps://access.redhat.com/security/cve/CVE-2020-25644\nhttps://access.redhat.com/security/cve/CVE-2020-26258\nhttps://access.redhat.com/security/cve/CVE-2020-26945\nhttps://access.redhat.com/security/cve/CVE-2020-27216\nhttps://access.redhat.com/security/cve/CVE-2020-28052\nhttps://access.redhat.com/security/cve/CVE-2021-27807\nhttps://access.redhat.com/security/cve/CVE-2021-27906\nhttps://access.redhat.com/security/cve/CVE-2021-28165\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.9.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYRQVh9zjgjWX9erEAQjAxg/+O0wRNyDejQCX7SWv2Lvo5YZVE9Azv+hd\npWFbtNu1cruoiUWY2vqArIH8KmZXWYS/EDQCe4PfIB0wKZfx9dS7y19Ct4swE4Y2\n3L0DRVp9YLoqZC3ndVIk3W+RSLEODc5S3IAi6twXlmiZlAwPJXDvcs7aeUAPGc0m\n93Y3lZofrpaEnyEVdoUsz0M47mQQYxNJ1nPF9FuUDsOXUqiu18JS9DsuyWwONyKw\ndPCxfHf3ioI+ymsYjoO+fIcu3dR6lGryvsEFY3dnXePiLlp5NBrRW359K6EQGM/e\nf1PsXzVYrWMikmxpGaOM7KkoLPAcvtznd4G62ZGUODyAEUKLderr9M7zG88Eg2gG\nYcw5D4UkJ+QZB/qHlQJHLrrzuPybGBXSdl2VLTF/m7YZSE9C2yW1ZatyahhdEP3T\n+MmzU6mnbuPCrYjwL/AgCGx3ap52+2eL5HvDzf7+5plY6MVpHZQb2iiIj6H58P6g\nffxr6dGJdDtw5ovzls0Gor4sb69KJ+3xrRLg2C7cndd+3RJc8SCiCRUV9QE2IHTb\nH3cDXlNbYcqzDxQZNUUO13+GOEgXQLrIJokA3zNXzzYFr2tivmiWF6rKrJ6UnECl\n86tpZfh4vcosv3nN6Cg9VAizrMm/84B4L3T4jm/mrN4SGg3CSJqa03r7ig3+oHFX\nH9jzBVxbmuk=\n=jp7z\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-5421" }, { "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-183546" }, { "db": "VULMON", "id": "CVE-2020-5421" }, { "db": "PACKETSTORM", "id": "163798" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-5421", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2020-011682", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021042641", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042319", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042537", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072778", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012321", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042542", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2731", "trust": 0.6 }, { 
"db": "AUSCERT", "id": "ESB-2021.0318", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202009-1050", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-183546", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-5421", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163798", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-183546" }, { "db": "VULMON", "id": "CVE-2020-5421" }, { "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "db": "PACKETSTORM", "id": "163798" }, { "db": "CNNVD", "id": "CNNVD-202009-1050" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2020-5421" } ] }, "id": "VAR-202009-1625", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-183546" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T00:37:15.052000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2020-5421", "trust": 0.8, "url": "https://tanzu.vmware.com/security/cve-2020-5421" }, { "title": "Pivotal Software Spring Framework Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128759" }, { "title": "Debian CVElist Bug Report Logs: CVE-2020-5421", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e21ac0d0c68c20c593f7e586cb341ec5" }, { "title": "ProjetDevJava", "trust": 0.1, "url": "https://github.com/delaval-htps/projetdevjava " }, { "title": "Spring \u5b89\u5168\u6f0f\u6d1e CVE-2020-5421\u590d\u73b0", "trust": 0.1, "url": "https://github.com/pandamingx/cve-2020-5421 " }, { "title": 
"Vulnerability_Environment", "trust": 0.1, "url": "https://github.com/x-f1v3/vulnerability_environment " }, { "title": "MergeBase LAST UPDATE 07/06/23: Vulnerable w/ Gradle", "trust": 0.1, "url": "https://github.com/emilywang0/mergebase_test_vuln " }, { "title": "SpringSecurity", "trust": 0.1, "url": "https://github.com/ax1sx/springsecurity " }, { "title": "spring-boot-demo con Security CI/CD\nEJECUCION\nErrores\nResultado final\nLog", "trust": 0.1, "url": "https://github.com/scordero1234/java_sec_demo-main " }, { "title": "PoC in GitHub", "trust": 0.1, "url": "https://github.com/soosmile/poc " }, { "title": "PoC in GitHub", "trust": 0.1, "url": "https://github.com/developer3000s/poc-in-github " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-5421" }, { "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "db": "CNNVD", "id": "CNNVD-202009-1050" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "db": "NVD", "id": "CVE-2020-5421" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://tanzu.vmware.com/security/cve-2020-5421" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210513-0009/" }, { "trust": 1.8, "url": 
"https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5421" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3cdev.ranger.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3cissues.ambari.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3cdev.ambari.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3cdev.ambari.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3ccommits.ambari.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3cissues.ambari.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3cdev.hive.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3cissues.hive.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3cissues.hive.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3ccommits.pulsar.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3ccommits.pulsar.apache.org%3e" 
}, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3ccommits.pulsar.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3ccommits.pulsar.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3cuser.ignite.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3cuser.ignite.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3ccommits.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3cdev.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3cdev.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3cissues.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3cissues.ambari.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3cdev.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3cissues.hive.apache.org%3e" }, { 
"trust": 0.7, "url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3cissues.hive.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3cuser.ignite.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3cuser.ignite.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3ccommits.pulsar.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3ccommits.pulsar.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3ccommits.pulsar.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3ccommits.pulsar.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3cdev.ranger.apache.org%3e" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6443419" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/vmware-spring-framework-privilege-escalation-via-rfd-protection-bypass-33361" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability-3/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072778" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerability-in-spring-framework-affects-ibm-control-center-cve-2020-5421/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-rational-test-control-panel-affected-by-spring-framework-vulnerability/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-as-used-by-ibm-qradar-siem-is-vulnerable-to-improper-input-validation-cve-2020-5421/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability-2/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042319" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042537" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0318/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042542" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042641" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2731" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-spring/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012321" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-tivoli-application-dependency-discovery-manager-cve-2020-5421-2/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, 
"url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381" }, { "trust": 0.1, "url": "https://github.com/delaval-htps/projetdevjava" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13936" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6950" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1935" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17510" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14338" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13920" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13954" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-18640" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13920" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13934" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13934" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13935" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9484" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14338" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1695" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11996" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12402" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12402" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13954" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25640" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25638" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5645" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14340" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.9.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-17510" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11996" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10719" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27807" }, { "trust": 0.1, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14340" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25633" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18640" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26945" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25644" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13936" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-5421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1938" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1938" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28052" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-17518" 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13935" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14887" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714" } ], "sources": [ { "db": "VULHUB", "id": "VHN-183546" }, { "db": "VULMON", "id": "CVE-2020-5421" }, { "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "db": "PACKETSTORM", "id": "163798" }, { "db": "CNNVD", "id": "CNNVD-202009-1050" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2020-5421" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-183546" }, { "db": "VULMON", "id": "CVE-2020-5421" }, { "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "db": "PACKETSTORM", "id": "163798" }, { "db": "CNNVD", "id": "CNNVD-202009-1050" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2020-5421" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-19T00:00:00", "db": "VULHUB", "id": "VHN-183546" }, { "date": "2020-09-19T00:00:00", "db": "VULMON", "id": "CVE-2020-5421" }, { "date": "2021-04-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "date": "2021-08-12T15:42:56", "db": "PACKETSTORM", "id": "163798" }, { "date": "2020-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1050" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-09-19T04:15:11.527000", "db": "NVD", "id": "CVE-2020-5421" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { 
"@container": "@list" } }, "data": [ { "date": "2023-03-01T00:00:00", "db": "VULHUB", "id": "VHN-183546" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-5421" }, { "date": "2021-04-09T05:31:00", "db": "JVNDB", "id": "JVNDB-2020-011682" }, { "date": "2022-04-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1050" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2023-11-07T03:23:46.983000", "db": "NVD", "id": "CVE-2020-5421" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "163798" }, { "db": "CNNVD", "id": "CNNVD-202009-1050" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring\u00a0Framework\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011682" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-1050" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 1.2 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202112-2011">var-202112-2011</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC 
Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 versions 2.0-beta7 to 2.17.0 have a security vulnerability that stems from the JDBC Appender not restricting or filtering the JNDI data source names it accepts. The purpose of this text-only erratum is to inform you about the security issues fixed in this release. </p> <p>Installation instructions are available from the Fuse product documentation pages:</p> <p>Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications</p> <p>Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications</p> <p>Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications</p> <p>The References section of this erratum contains a download link for the update. You must be logged in to download the update. 
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. </p> <p>Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64</p> <ol> <li>Description:</li> </ol> <p>Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. </p> <p>This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. 
</p> <p>Security Fix(es):</p> <ul> <li> <p>log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)</p> </li> <li> <p>log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)</p> </li> <li> <p>log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)</p> </li> <li> <p>log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)</p> </li> <li> <p>log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)</p> </li> <li> <p>log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)</p> </li> <li> <p>log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)</p> </li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. </p> <ol> <li>Solution:</li> </ol> <p>Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. 
</p> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer</p> <ol> <li>JIRA issues fixed (https://issues.jboss.org/):</li> </ol> <p>JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - [GSS] (7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 
to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - [GSS] (7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002</p> <ol> <li>Package List:</li> </ol> <p>Red Hat JBoss EAP 7.4 for RHEL 8:</p> <p>Source: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm 
eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm</p> <p>noarch: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm 
eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm 
eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm</p> <p>x86_64: eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0 U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe UnHI/WwB37w= =eCh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 
JIRA issues fixed (https://issues.jboss.org/):</p> <p>LOG-2089 - resourceVersion is overflowing type Integer causing ES rejection [openshift-logging 5.0]</p> <ol> <li></li> </ol> <p>All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html</p> <ol> <li>Solution:</li> </ol> <p>For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:</p> <p>https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html</p> <p>Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html</p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender</p> <p>5</p></p>
<div class="collapse" id="collapseJsonvar-202112-2011"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202112-2011">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": 
"https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2011", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "health sciences data management workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.1.0.3" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.12.4" }, { "model": "health sciences data management workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0.0.0" }, { "model": "primavera gateway", "scope": "gte", 
"trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0.1" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.13.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.13" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "log4j", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.17.1" }, { "model": "policy automation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.24" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "siebel ui framework", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.12" }, { "model": "retail assortment planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.1" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", 
"version": "19.0.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.7" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.3.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.12.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12.0" }, { "model": "cloudcenter", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.10.0.16" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "health sciences data management workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "2.5.2.1" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "policy automation for mobile devices", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "12.2.24" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.1.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "retail 
xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "communications offline mediation controller", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.18.0" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.3.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.3" }, { "model": "policy automation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "communications interactive session recorder", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.4" }, { "model": "retail fiscal management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "product lifecycle analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.6.1" }, { "model": "communications brm - elastic charging engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.5.0" }, { "model": "siebel ui framework", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "flexcube private banking", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"21.12.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "policy automation for mobile devices", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "12.2.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.5.0" }, { "model": "communications brm - elastic charging engine", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.6" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44832" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.17.1", "versionStartIncluding": "2.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.4", "versionStartIncluding": "2.4", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], 
"versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0.0.4.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0.0.4.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44832" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" } ], "trust": 0.8 }, "cve": "CVE-2021-44832", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" 
}, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.8, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.8, "id": "VHN-408213", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.8, "id": "CVE-2021-44832", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", 
"version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.7, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44832", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-408213", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-44832", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "VULMON", "id": "CVE-2021-44832" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 2.0-beta7 to 2.17.0 versions have a security vulnerability, which stems from the lack of effective protection and filtering for JDBC Appender and JNDI in the software. The purpose of this\ntext-only errata is to inform you about the security issues fixed in this\nrelease. 
\n\nInstallation instructions are available from the Fuse product documentation\npages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\n4. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update\nAdvisory ID: RHSA-2022:1297-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1297\nIssue date: 2022-04-11\nCVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 \n CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 \n CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. 
A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use\nJDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer\n(CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and\ncontext lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data\ncontains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. 
\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)\n2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n6. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from 
org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 8:\n\nSource:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.16.0-
7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-core-11.0.15-1.Final_red
hat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarc
h.rpm\neap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\neap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4104\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/cve/CVE-2022-23302\nhttps://access.redhat.com/security/cve/CVE-2022-23305\nhttps://access.redhat.com/security/cve/CVE-2022-23307\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK\nHU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K\nkhbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ\nrZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo\nP1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e\nsPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R\nIwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt\nl3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0\nU8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp\nzhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca\ndcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe\nUnHI/WwB37w=\n=eCh2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2089 - resourceVersion is overflowing type Integer causing ES rejection [openshift-logging 5.0]\n\n6. \n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2021-44832" }, { "db": "VULHUB", "id": "VHN-408213" }, { "db": "VULMON", "id": "CVE-2021-44832" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44832", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-784507", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/28/1", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "166020", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165637", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165652", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165651", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "166022", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165636", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165632", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165516", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165653", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165750", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165927", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165649", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165659", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165564", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165650", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165645", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165711", "trust": 0.1 }, { "db": "CNNVD", "id": 
"CNNVD-202112-2743", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-408213", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-44832", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166676", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "VULMON", "id": "CVE-2021-44832" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "id": "VAR-202112-2011", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-408213" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:55:35.394000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44832: remote code execution via JDBC Appender", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5e48a524651ae46e6ca9ac28bf933dcd" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.54 extras and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220181 - security advisory" }, { "title": "Red Hat: Important: Red Hat AMQ Streams 1.6.7 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220467 - security advisory" }, { "title": "Red Hat: Low: Red Hat JBoss 
Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221297 - security advisory" }, { "title": "Amazon Linux 2: ALAS2-2022-1734", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1734" }, { "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221296 - security advisory" }, { "title": "Red Hat: CVE-2021-44832", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-44832" }, { "title": "IBM: Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=fcd7c03d55043b4b7009ca8b920eb0ba" }, { "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221299 - security advisory" }, { "title": "IBM: Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics \u2013 Log Analysis (CVE-2021-44832, CVE-2021-45105)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=56eb883672063a8cb42fae9e94dc10a9" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.7.43 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220493 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.8.31 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220485 - security advisory" }, { "title": "Amazon Linux 2022: 
ALAS2022-2022-011", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-011" }, { "title": "IBM: Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44832)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e5bceef16eb57f063a2b356f344b5f60" }, { "title": "IBM: Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a0cbd5f5df3a9f322684d99eeb2b9429" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-45046, CVE-2021-45105)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=073d7506d5d6ad6fb03dbf8d511bb92e" }, { "title": "IBM: Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44228)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7be059b2ea8ddccc8012a9cd63f3f993" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aff264acb8f6c42a7eec74ebc9aac61e" }, { "title": "Cisco: Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-log4j-qruknebd" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=f1a2b6f4f4568786daf1fc5e893e9283" }, { "title": 
"Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=42e3d15623cd7650d7ccb17534ee39a8" }, { "title": "Amazon Linux 2022: ALAS-2022-225", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas-2022-225" }, { "title": "aws-msk-iam-auth", "trust": 0.1, "url": "https://github.com/aws/aws-msk-iam-auth " }, { "title": "FuelSDK-Java", "trust": 0.1, "url": "https://github.com/salesforce-marketingcloud/fuelsdk-java " }, { "title": "mule-3.x-log4j-update-script", "trust": 0.1, "url": "https://github.com/yhorndt/mule-3.x-log4j-update-script " }, { "title": "fix_log4j2", "trust": 0.1, "url": "https://github.com/yundinglab/fix_log4j2 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-44832" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "trust": 1.1, "url": "https://issues.apache.org/jira/browse/log4j2-3293" }, { "trust": 1.1, "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { 
"trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/evv25fxl4fu5x6x5bsl7rlq7t6f65mra/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t57mpjuw3ma6qgwzrtmchhmmpqnvkgfc/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832" }, { "trust": 0.8, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-44832" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-45105" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-45046" }, { "trust": 0.2, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": 
"https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21248" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21296" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21299" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21283" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21341" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21282" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21294" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21305" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21293" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21341" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21293" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21282" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21248" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21294" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21283" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21296" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21365" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21305" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2022-21340" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21340" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21365" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t57mpjuw3ma6qgwzrtmchhmmpqnvkgfc/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/evv25fxl4fu5x6x5bsl7rlq7t6f65mra/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.09.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.10.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2022:0203" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.08.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0216" }, { "trust": 0.1, "url": "https://access.redhat.com/solutions/6577421" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0083" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=4.1.8" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1297" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23302" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2022:0225" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27292" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0226" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27292" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2022:0484" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0485" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0493" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0492" } ], "sources": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-408213" }, { "db": "VULMON", "id": "CVE-2021-44832" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", 
"id": "166020" }, { "db": "NVD", "id": "CVE-2021-44832" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-28T00:00:00", "db": "VULHUB", "id": "VHN-408213" }, { "date": "2021-12-28T00:00:00", "db": "VULMON", "id": "CVE-2021-44832" }, { "date": "2022-01-20T17:49:05", "db": "PACKETSTORM", "id": "165632" }, { "date": "2022-01-20T17:49:52", "db": "PACKETSTORM", "id": "165636" }, { "date": "2022-01-20T17:50:03", "db": "PACKETSTORM", "id": "165637" }, { "date": "2022-04-11T17:14:49", "db": "PACKETSTORM", "id": "166676" }, { "date": "2022-01-21T15:31:01", "db": "PACKETSTORM", "id": "165652" }, { "date": "2022-01-21T15:30:48", "db": "PACKETSTORM", "id": "165651" }, { "date": "2022-02-17T16:56:10", "db": "PACKETSTORM", "id": "166022" }, { "date": "2022-02-17T16:54:19", "db": "PACKETSTORM", "id": "166020" }, { "date": "2021-12-28T20:15:08.400000", "db": "NVD", "id": "CVE-2021-44832" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-09T00:00:00", "db": "VULHUB", "id": "VHN-408213" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-44832" }, { "date": "2023-11-07T03:39:43.957000", "db": "NVD", "id": "CVE-2021-44832" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "166676" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2022-0203-03", "sources": [ { "db": "PACKETSTORM", "id": "165632" } ], "trust": 0.1 }, "type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "165652" }, { "db": "PACKETSTORM", "id": "165651" }, { "db": "PACKETSTORM", "id": "166022" }, { "db": "PACKETSTORM", "id": "166020" } ], "trust": 0.7 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-202203-1506">var-202203-1506</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. CVE-2022-22965 Affected. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:</p> <p>A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Solution:</p> <p>Before applying this update, make sure all previously released errata relevant to your system have been applied. 
</p> <p>For details on how to apply this update, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li></li> </ol> <p>Installation instructions are available from the Fuse 7.10 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/</p> <ol> <li>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</li> </ol> <p>==================================================================== <br /> Red Hat Security Advisory</p> <p>Synopsis: Low: Red Hat Decision Manager 7.12.1 security update Advisory ID: RHSA-2022:1379-01 Product: Red Hat Decision Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:1379 Issue date: 2022-04-14 CVE Names: CVE-2022-22965 ==================================================================== 1. Summary:</p> <p>An update is now available for Red Hat Decision Manager. </p> <p>Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Description:</li> </ol> <p>Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business. </p> <p>This asynchronous security patch is an update to Red Hat Decision Manager 7. </p> <p>Security Fix(es):</p> <ul> <li>spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)</li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
</p> <ol> <li></li> </ol> <p>This release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes the Spring MVC and WebFlux jars. </p> <p>For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). </p> <ol> <li>Bugs fixed (https://bugzilla.redhat.com/):</li> </ol> <p>2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=rhdm&version=7.12.1</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2 /Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW RY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB CZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU aFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM Cbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa 7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv zP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2 EC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD Bw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6 DCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD Pjhf0e6lKl4=xaz4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:</p> <p>AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. 
For further information, refer to the release notes linked to in the References section</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-202203-1506" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-202203-1506"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-202203-1506">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1506", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications cloud native core network function cloud native environment", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "communications cloud native core console", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.9.0" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.6" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0.0.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.1" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "flex appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "2.0.2" }, { "model": "access appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": 
"7.4.3.200" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.3.18" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.2" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications cloud native core security edge protection proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "netbackup appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "4.0" }, { "model": "netbackup flex scale appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "3.0" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "financial services analytical applications infrastructure", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.0" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "retail customer management and segmentation foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0" }, { "model": "communications cloud native core network function cloud native environment", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.10.0" }, { "model": "cx cloud agent", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.1.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": 
"oracle", "version": "7.4.1" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.3.0" }, { "model": "flex appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "2.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "access appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "7.4.3" }, { "model": "operation scheduler", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0.4" }, { "model": "netbackup appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "4.1" }, { "model": "netbackup appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "4.0.0.1" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "retail customer management and segmentation foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "product lifecycle analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.6.1" }, { "model": "financial services enterprise case management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.0" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "netbackup virtual appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "4.1.0.1" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "flex appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "2.1" }, { "model": "communications cloud native core binding support function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.3" }, { "model": "communications cloud native core automated test suite", "scope": "eq", "trust": 
1.0, "vendor": "oracle", "version": "1.9.0" }, { "model": "netbackup flex scale appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "2.1" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "communications cloud native core security edge protection proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "access appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "7.4.3.100" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.80" }, { "model": "retail customer management and segmentation foundation", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0.1" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "communications cloud native core network exposure function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.2.20" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "financial services analytical applications infrastructure", 
"scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.0" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1.1" }, { "model": "sinec network management system", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.3" }, { "model": "netbackup virtual appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "4.0" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "communications cloud native core automated test suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "retail financial integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.1" }, { "model": "communications cloud native core console", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "22.1.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "netbackup appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "4.1.0.1" }, { "model": "mysql enterprise monitor", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "8.0.29" }, { "model": "flex appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "2.0.1" }, { "model": "financial services behavior detection platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.2.0" }, { "model": "flex appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "1.3" }, { "model": "netbackup virtual appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "4.1" }, { "model": "netbackup 
virtual appliance", "scope": "eq", "trust": 1.0, "vendor": "veritas", "version": "4.0.0.1" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.85" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.8.0" }, { "model": "simatic speech assistant for machines", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2.1" }, { "model": "retail bulk data integration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22965" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.3.18", "versionStartIncluding": "5.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.20", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.29", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22965" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This document was written by Will Dormann. We have not received a statement from the vendor.", "sources": [ { "db": "CERT/CC", "id": "VU#970766" } ], "trust": 0.8 }, "cve": "CVE-2022-22965", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 
7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-411825", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2022-22965", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22965", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202203-2642", "trust": 0.6, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202203-2514", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-411825", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-22965", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-411825" }, { "db": "VULMON", "id": "CVE-2022-22965" }, { "db": "CNNVD", "id": "CNNVD-202203-2642" }, { "db": "CNNVD", "id": "CNNVD-202203-2514" }, { "db": "NVD", "id": "CVE-2022-22965" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. CVE-2022-22965 Affected. CVE-2022-22965 Affected. The purpose of this text-only errata is to inform you\nabout the security issues fixed in this release. Description:\n\nA micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat\nCamel K that includes CVE fixes in the base images, which are documented in\nthe Release Notes document linked in the References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. \n\nInstallation instructions are available from the Fuse 7.10 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: Red Hat Decision Manager 7.12.1 security update\nAdvisory ID: RHSA-2022:1379-01\nProduct: Red Hat Decision Manager\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1379\nIssue date: 2022-04-14\nCVE Names: CVE-2022-22965\n====================================================================\n1. 
Summary:\n\nAn update is now available for Red Hat Decision Manager. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and business optimization for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nThis asynchronous security patch is an update to Red Hat Decision Manager\n7. \n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+\n(CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. \n\nThis release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes\nthe Spring MVC and WebFlux jars. \n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+\n\n5. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22965\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-003\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=rhdm\u0026version=7.12.1\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2\n/Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW\nRY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB\nCZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU\naFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM\nCbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa\n7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv\nzP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2\nEC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD\nBw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6\nDCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD\nPjhf0e6lKl4=xaz4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. 
For further information, refer to the release notes linked to\nin the References section", "sources": [ { "db": "NVD", "id": "CVE-2022-22965" }, { "db": "CERT/CC", "id": "VU#970766" }, { "db": "VULHUB", "id": "VHN-411825" }, { "db": "VULMON", "id": "CVE-2022-22965" }, { "db": "PACKETSTORM", "id": "166691" }, { "db": "PACKETSTORM", "id": "166706" }, { "db": "PACKETSTORM", "id": "166715" }, { "db": "PACKETSTORM", "id": "166731" }, { "db": "PACKETSTORM", "id": "166732" }, { "db": "PACKETSTORM", "id": "166874" }, { "db": "PACKETSTORM", "id": "166872" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-411825", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-411825" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22965", "trust": 3.9 }, { "db": "PACKETSTORM", "id": "166713", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "167011", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-254054", "trust": 1.7 }, { "db": "CS-HELP", "id": "SB2022040109", "trust": 1.2 }, { "db": "CS-HELP", "id": "SB2022033109", "trust": 1.2 }, { "db": "CERT/CC", "id": "VU#970766", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "166691", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166732", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166874", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202203-2642", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060811", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022070602", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060716", "trust": 
0.6 }, { "db": "CS-HELP", "id": "SB2022042734", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042546", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060304", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072038", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071213", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022052302", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042277", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072087", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041951", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042126", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3155", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5097", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1844", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1636", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1593", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1444.8", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1674", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-286-05", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202203-2514", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-411825", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-22965", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166706", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166715", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166731", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166872", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#970766" }, { "db": "VULHUB", "id": "VHN-411825" }, { "db": "VULMON", "id": "CVE-2022-22965" }, { "db": "PACKETSTORM", "id": "166691" }, { "db": "PACKETSTORM", "id": "166706" }, { "db": "PACKETSTORM", "id": "166715" }, { "db": "PACKETSTORM", "id": "166731" }, { "db": "PACKETSTORM", "id": "166732" }, { "db": "PACKETSTORM", "id": "166874" }, { "db": "PACKETSTORM", "id": "166872" }, { "db": "CNNVD", "id": "CNNVD-202203-2642" }, { "db": "CNNVD", "id": "CNNVD-202203-2514" }, { "db": "NVD", "id": "CVE-2022-22965" } ] }, 
"id": "VAR-202203-1506", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-411825" } ], "trust": 0.6314393799999999 }, "last_update_date": "2024-01-25T20:10:56.055000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Spring Framework Fixes for code injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=187595" }, { "title": "Red Hat: Low: Red Hat Process Automation Manager 7.12.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221378 - security advisory" }, { "title": "Red Hat: Low: Red Hat Decision Manager 7.12.1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221379 - security advisory" }, { "title": "Red Hat: Low: Red Hat AMQ Broker 7.9.4 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221627 - security advisory" }, { "title": "Red Hat: Low: Red Hat Fuse 7.10.2 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221360 - security advisory" }, { "title": "Red Hat: Low: Red Hat Integration Camel-K 1.6.5 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221333 - security advisory" }, { "title": "Red Hat: Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221306 - security advisory" }, { "title": "Red Hat: Low: Red Hat AMQ Broker 7.8.6 release and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221626 - security advisory" }, { "title": "IBM: Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e6cbc0e97f1832a63f66e10869253ecf" }, { "title": "Cisco: Vulnerability in Spring Framework Affecting Cisco Products: March 2022", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-java-spring-rce-zx9guc67" }, { "title": "", "trust": 0.1, "url": "https://github.com/coffeehb/spring4shell " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22965" }, { "db": "CNNVD", "id": "CNNVD-202203-2642" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411825" }, { "db": "NVD", "id": "CVE-2022-22965" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://tanzu.vmware.com/security/cve-2022-22965" }, { "trust": 2.9, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-java-spring-rce-zx9guc67" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/166713/spring4shell-code-execution.html" }, { 
"trust": 2.3, "url": "http://packetstormsecurity.com/files/167011/spring4shell-spring-framework-class-property-remote-code-execution.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.9, "url": "https://access.redhat.com/security/cve/cve-2022-22965" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf" }, { "trust": 1.7, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0005" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.2, "url": "https://www.cybersecurity-help.cz/vdb/sb2022040109" }, { "trust": 1.2, "url": "https://www.cybersecurity-help.cz/vdb/sb2022033109" }, { "trust": 0.8, "url": "cve-2022-22965 " }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2022-003" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22965" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1674" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072038" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1593" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042126" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22965/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166874/red-hat-security-advisory-2022-1626-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041951" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042546" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060304" 
}, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166691/red-hat-security-advisory-2022-1306-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1844" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166732/red-hat-security-advisory-2022-1379-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070602" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071213" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072087" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060716" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042277" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1444.8" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042734" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060811" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5097" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3155" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1636" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022052302" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1306" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q1" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1333" }, { "trust": 0.1, "url": 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.2" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1360" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=rhpam\u0026downloadtype=securitypatches\u0026version=7.12.1" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1378" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1379" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=rhdm\u0026version=7.12.1" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.8.6" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1626" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1627" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.9.4" } ], "sources": [ { "db": "CERT/CC", "id": "VU#970766" }, { "db": "VULHUB", "id": "VHN-411825" }, { "db": "PACKETSTORM", "id": "166691" }, { "db": "PACKETSTORM", "id": "166706" }, { "db": "PACKETSTORM", "id": "166715" }, { "db": "PACKETSTORM", "id": "166731" }, { "db": "PACKETSTORM", "id": "166732" }, { "db": "PACKETSTORM", "id": "166874" }, { "db": "PACKETSTORM", "id": "166872" }, { "db": "CNNVD", "id": "CNNVD-202203-2642" }, { "db": "CNNVD", "id": "CNNVD-202203-2514" }, { "db": "NVD", "id": "CVE-2022-22965" } ] }, "sources": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#970766" }, { "db": "VULHUB", "id": "VHN-411825" }, { "db": "VULMON", "id": "CVE-2022-22965" }, { "db": "PACKETSTORM", "id": "166691" }, { "db": "PACKETSTORM", "id": "166706" }, { "db": "PACKETSTORM", "id": "166715" }, { "db": "PACKETSTORM", "id": "166731" }, { "db": "PACKETSTORM", "id": "166732" }, { "db": "PACKETSTORM", "id": "166874" }, { "db": "PACKETSTORM", "id": "166872" }, { "db": "CNNVD", "id": "CNNVD-202203-2642" }, { "db": "CNNVD", "id": "CNNVD-202203-2514" }, { "db": "NVD", "id": "CVE-2022-22965" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-31T00:00:00", "db": "CERT/CC", "id": "VU#970766" }, { "date": "2022-04-01T00:00:00", "db": "VULHUB", "id": "VHN-411825" }, { "date": "2022-04-01T00:00:00", "db": "VULMON", "id": "CVE-2022-22965" }, { "date": "2022-04-11T17:36:49", "db": "PACKETSTORM", "id": "166691" }, { "date": "2022-04-13T15:01:19", "db": "PACKETSTORM", "id": "166706" }, { "date": "2022-04-13T22:20:55", "db": "PACKETSTORM", "id": "166715" }, { "date": "2022-04-15T15:24:03", "db": "PACKETSTORM", "id": "166731" }, { "date": "2022-04-15T15:24:12", "db": "PACKETSTORM", "id": "166732" }, { "date": "2022-04-27T18:19:24", "db": "PACKETSTORM", "id": "166874" }, { "date": "2022-04-27T18:18:11", "db": "PACKETSTORM", "id": "166872" }, { "date": "2022-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2642" }, { "date": "2022-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2514" }, { "date": "2022-04-01T23:15:13.870000", "db": "NVD", "id": "CVE-2022-22965" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-19T00:00:00", "db": "CERT/CC", "id": "VU#970766" }, { "date": 
"2023-02-09T00:00:00", "db": "VULHUB", "id": "VHN-411825" }, { "date": "2023-02-09T00:00:00", "db": "VULMON", "id": "CVE-2022-22965" }, { "date": "2022-04-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2642" }, { "date": "2023-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2514" }, { "date": "2023-02-09T02:07:02.263000", "db": "NVD", "id": "CVE-2022-22965" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "166691" }, { "db": "CNNVD", "id": "CNNVD-202203-2514" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework Code injection vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2642" }, { "db": "CNNVD", "id": "CNNVD-202203-2514" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2642" }, { "db": "CNNVD", "id": "CNNVD-202203-2514" } ], "trust": 1.2 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201912-0889">var-201912-0889</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log 
data. This affects Log4j versions up to 1.2 up to 1.2.17. Log4j contains a vulnerability in the deserialization of untrusted data. Information may be obtained or altered, and service operation may be disrupted (DoS). It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. (CVE-2019-17571) A flaw was found in the Java logging library Apache Log4j in version 1.x. This allows a remote malicious user to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint. (CVE-2021-4104). Description:</p> <p>Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. </p> <p>This Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP1 (Service Pack 1) serves as a replacement for Red Hat JBoss Data Virtualization 6.4.8, and mitigates the impact of the log4j CVE's referenced in this document by removing the affected classes from the patch. Solution:</p> <p>Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. </p> <p>The References section of this erratum contains a download link (you must log in to download the update). 
Bugs fixed (https://bugzilla.redhat.com/):</p> <p>1785616 - CVE-2019-17571 log4j: deserialization of untrusted data in SocketServer 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer</p> <ol> <li></li> </ol> <p>For the oldstable distribution (stretch), this problem has been fixed in version 1.2.17-7+deb9u1. </p> <p>For the stable distribution (buster), this problem has been fixed in version 1.2.17-8+deb10u1. </p> <p>We recommend that you upgrade your apache-log4j1.2 packages. </p> <p>For the detailed security status of apache-log4j1.2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j1.2</p> <p>Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/</p> <p>Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----</p> <p>iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6/FH1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RAJQ/9HLo721J7x4kWxFiWIP0Ui1xl8ZM6MBhA8qYfUD4DxKoHHfvYEq6Q7TTD +FlTX5rRrjvgHF+MgxG1XDHtwv7XWhczEiHzZKHLCX3CsG+AL+CMmGoVqBtKEncC FGYbVCSKYzxM8LaX2G1EyCzT2zfGZvPT5nFT7zAV0Ge6vpvWklF0s168h4pbG9hE cF6aPqAlWMy5pLVRI+3XE1og4MECjqXB9a7HSWlHfur6NSnQlrHhWOCDJBw5zpPu AKEfW5GvBaCdxdat1xTFqCu6h5387dtNsBlRrefp9q+fcrGj2Z351Lv7ccG5Co8T e/7iNyABu2fmi8x4WFQwS3PY4AsM/2sa+KHfXnttSXcQniXAccg6S1eCaWVqdNfZ 
3LPmeBC5gX3UqDNZTVv+kvHvv7EsD1/6bMeVZlKQZkYAeysbLWdjkA+88f6kaVwD qv6mWCGo5k7ZoWCUKD1Zjz8VwBT4EI/2II5D93QgblVkHDX9CESfipIjJBJp7aJ7 wS2kvdXOko3JDaJbScpGmCnjCb5NhJ1KiBZSzXYHv3uhoqlI5QvYvC1bFHqC2GnT cF4syuMELN6nZ/Yoz8sJiT4Ilppz98vLerHbJoJZIPEOh15k8UKaFkdt5CpI8MGK 4+sL2iWyTtCjGYGuhDkk0KyLcqijybv282VIkXDtAetpi8MTdsE= =eH9L -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256</p> <p>===================================================================== Red Hat Security Advisory</p> <p>Synopsis: Important: log4j security update Advisory ID: RHSA-2022:5053-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5053 Issue date: 2022-06-15 CVE Names: CVE-2019-17571 =====================================================================</p> <ol> <li>Summary:</li> </ol> <p>An update for log4j is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. </p> <p>Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. </p> <ol> <li>Relevant releases/architectures:</li> </ol> <p>Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64</p> <ol> <li>Description:</li> </ol> <p>Log4j is a tool to help the programmer output log statements to a variety of output targets. </p> <p>Security Fix(es):</p> <ul> <li>log4j: deserialization of untrusted data in SocketServer (CVE-2019-17571)</li> </ul> <p>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
</p> <ol> <li>Solution:</li> </ol> <p>For details on how to apply this update, which includes the changes described in this advisory, refer to:</p> <p>https://access.redhat.com/articles/11258</p> <ol> <li>Package List:</li> </ol> <p>Red Hat Enterprise Linux Server (v. 6 ELS):</p> <p>Source: log4j-1.2.14-6.7.el6_10.src.rpm</p> <p>i386: log4j-1.2.14-6.7.el6_10.i686.rpm log4j-debuginfo-1.2.14-6.7.el6_10.i686.rpm</p> <p>s390x: log4j-1.2.14-6.7.el6_10.s390x.rpm log4j-debuginfo-1.2.14-6.7.el6_10.s390x.rpm</p> <p>x86_64: log4j-1.2.14-6.7.el6_10.x86_64.rpm log4j-debuginfo-1.2.14-6.7.el6_10.x86_64.rpm</p> <p>Red Hat Enterprise Linux Server Optional (v. 6 ELS):</p> <p>i386: log4j-debuginfo-1.2.14-6.7.el6_10.i686.rpm log4j-javadoc-1.2.14-6.7.el6_10.i686.rpm log4j-manual-1.2.14-6.7.el6_10.i686.rpm</p> <p>s390x: log4j-debuginfo-1.2.14-6.7.el6_10.s390x.rpm log4j-javadoc-1.2.14-6.7.el6_10.s390x.rpm log4j-manual-1.2.14-6.7.el6_10.s390x.rpm</p> <p>x86_64: log4j-debuginfo-1.2.14-6.7.el6_10.x86_64.rpm log4j-javadoc-1.2.14-6.7.el6_10.x86_64.rpm log4j-manual-1.2.14-6.7.el6_10.x86_64.rpm</p> <p>These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/</p> <ol> <li>References:</li> </ol> <p>https://access.redhat.com/security/cve/CVE-2019-17571 https://access.redhat.com/security/updates/classification/#important</p> <ol> <li>Contact:</li> </ol> <p>The Red Hat security contact is <a href="mailto:secalert@redhat.com">secalert@redhat.com</a>. More contact details at https://access.redhat.com/security/team/contact/</p> <p>Copyright 2022 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1</p> <p>iQIVAwUBYqnJeNzjgjWX9erEAQgGiQ/8DiTAwAZPNPQlrV5ItJ3I3AxT4ruBA995 bPYquIN3zX0afhrGRMWTs/aD/4vYkbUtLA5QzqYlE1dsbleGHcAbxmSfY+wE8tE7 Bg02UGNI7bru25JPZE5lSuNA8McZw/aBRcorwhSVRiBQ1GbPMQqAimbrNx98r6Qe QLupPSuNmbczUOh9X4gbPoqEeIizf8MtYbMS+LbpeIZWH7rELk3t7o63MerkAIYi yWjXzL8Xn3ylflXUzdRNIJ8QZC+nU7kgib3Ugm4TbC9F5A0w7TiAomb9qnHOP+mW 2HoGje7VZIeGX7rwtCIttW5Z9/LztkhXb/Yk1tzMM3Jo/HWgqoP8dULxian7L8aE DFlrGSbF0OQTDiYGVgGX2uW89Yi/XbX1nP7q0MtBq0D5P7z7yLKfHNyeksX+TFyV kxhUrHY8u3JLvWxWBoRzEH8TOhuoMXRIp/FkDpnnM6dDbwSyQsalGZzWnTqOHSwi sZDFnmuLQDUZQtslb4suSRgdQbu0xnvc+i38jbhoEOcH4xJGZnizRY/97wytq3Jp nBj2G0sRSMNlbcA4rr0zzTT6K/HiBhI9OWn3n76lj7jySFYrIUmPgCNhZy5dV1vx nK0c1WI+oRXn4xT4ekCYQUM/uysgWfeVLr9b2ArwaxMxvc4GiLA713gUgelejl6h 9kT6WndTNP0= =VXI/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-5998-1 April 05, 2023</p> <h1>apache-log4j1.2 vulnerabilities</h1> <p>A security issue affects these releases of Ubuntu and its derivatives:</p> <ul> <li>Ubuntu 20.04 LTS</li> <li>Ubuntu 18.04 LTS</li> <li>Ubuntu 16.04 ESM</li> </ul> <p>Summary:</p> <p>Several security issues were fixed in Apache Log4j. </p> <p>Software Description: - apache-log4j1.2: Java-based open-source logging tool</p> <p>Details:</p> <p>It was discovered that the SocketServer component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-17571)</p> <p>It was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-23302)</p> <p>It was discovered that Apache Log4j 1.2 incorrectly handled certain SQL statements. 
A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23305)</p> <p>It was discovered that the Chainsaw component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23307)</p> <p>Update instructions:</p> <p>The problem can be corrected by updating your system to the following package versions:</p> <p>Ubuntu 20.04 LTS: liblog4j1.2-java 1.2.17-9ubuntu0.2</p> <p>Ubuntu 18.04 LTS: liblog4j1.2-java 1.2.17-8+deb10u1ubuntu0.2</p> <p>Ubuntu 16.04 ESM: liblog4j1.2-java 1.2.17-7ubuntu1+esm1</p> <p>In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-16</p> <hr /> <pre><code> https://security.gentoo.org/ </code></pre> <hr /> <p>Severity: Normal Title: Apache Log4j: Multiple Vulnerabilities Date: February 18, 2024 Bugs: #719146 ID: 202402-16</p> <hr /> <h1>Synopsis</h1> <p>Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. </p> <h1>Background</h1> <p>Log4j is a Java logging framework that supports various use cases with a rich set of components, a separate API, and a performance-optimized implementation. </p> <h1>Affected packages</h1> <p>Package Vulnerable Unaffected</p> <hr /> <p>dev-java/log4j <= 1.2.17 Vulnerable!</p> <h1>Description</h1> <p>Multiple vulnerabilities have been discovered in Apache Log4j. Please review the CVE identifiers referenced below for details. </p> <h1>Impact</h1> <p>Please review the referenced CVE identifiers for details. </p> <h1>Workaround</h1> <p>There is no known workaround at this time. </p> <h1>Resolution</h1> <p>Gentoo has discontinued support for log4j. 
We recommend that users unmerge it:</p> <p># emerge --ask --depclean "dev-java/log4j"</p> <h1>References</h1> <p>[ 1 ] CVE-2019-17571 https://nvd.nist.gov/vuln/detail/CVE-2019-17571 [ 2 ] CVE-2020-9488 https://nvd.nist.gov/vuln/detail/CVE-2020-9488 [ 3 ] CVE-2020-9493 https://nvd.nist.gov/vuln/detail/CVE-2020-9493 [ 4 ] CVE-2022-23302 https://nvd.nist.gov/vuln/detail/CVE-2022-23302 [ 5 ] CVE-2022-23305 https://nvd.nist.gov/vuln/detail/CVE-2022-23305</p> <h1>Availability</h1> <p>This GLSA and any updates to it are available for viewing at the Gentoo Security Website:</p> <p>https://security.gentoo.org/glsa/202402-16</p> <h1>Concerns?</h1> <p>Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. </p> <h1>License</h1> <p>Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). </p> <p>The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. 
</p> <p>https://creativecommons.org/licenses/by-sa/2.5</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201912-0889" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201912-0889"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201912-0889">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0889", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.7" }, { "model": "financial services lending and leasing", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "14.8.0" }, { "model": "rapid planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.29" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand system manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "3.0" }, { "model": "retail extract 
transform and load", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "log4j", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.2.17" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "oncommand system manager", "scope": "lte", "trust": 1.0, "vendor": "netapp", "version": "3.1.3" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "communications network integrity", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.3.6" }, { "model": "communications network integrity", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.3.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "bookkeeper", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "4.14.3" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "rapid planning", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.2.11" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" }, { "model": "financial services lending and leasing", "scope": 
"gte", "trust": 1.0, "vendor": "oracle", "version": "14.1.0" }, { "model": "log4j", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "1.2 to 1.2.17" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "db": "NVD", "id": "CVE-2019-17571" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.8.0", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.6", "versionStartIncluding": "7.3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.2.11", "versionStartIncluding": "16.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.7", "versionStartIncluding": "17.12.0", "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.29", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.14.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-17571" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu", "sources": [ { "db": "PACKETSTORM", "id": "159173" }, { "db": "PACKETSTORM", "id": "171759" }, { "db": "CNNVD", "id": "CNNVD-201912-950" } ], "trust": 0.8 }, "cve": "CVE-2019-17571", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, 
"integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-17571", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-149831", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-17571", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-17571", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201912-950", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-149831", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-17571", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-149831" }, { "db": "VULMON", "id": "CVE-2019-17571" }, { "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "db": "CNNVD", "id": "CNNVD-201912-950" }, { "db": "NVD", "id": "CVE-2019-17571" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. (CVE-2019-17571)\nA flaw was found in the Java logging library Apache Log4j in version 1.x. This allows a remote malicious user to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint. (CVE-2021-4104). 
Description:\n\nRed Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems - such as multiple databases, XML\nfiles, and even Hadoop systems - appear as a set of tables in a local\ndatabase. \n\nThis Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP1\n(Service Pack 1) serves as a replacement for Red Hat JBoss Data\nVirtualization 6.4.8, and mitigates the impact of the log4j CVE\u0027s\nreferenced in this document by removing the affected classes from the\npatch. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Bugs fixed (https://bugzilla.redhat.com/):\n\n1785616 - CVE-2019-17571 log4j: deserialization of untrusted data in SocketServer\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n5. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 1.2.17-7+deb9u1. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.2.17-8+deb10u1. \n\nWe recommend that you upgrade your apache-log4j1.2 packages. 
\n\nFor the detailed security status of apache-log4j1.2 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j1.2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6/FH1fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RAJQ/9HLo721J7x4kWxFiWIP0Ui1xl8ZM6MBhA8qYfUD4DxKoHHfvYEq6Q7TTD\n+FlTX5rRrjvgHF+MgxG1XDHtwv7XWhczEiHzZKHLCX3CsG+AL+CMmGoVqBtKEncC\nFGYbVCSKYzxM8LaX2G1EyCzT2zfGZvPT5nFT7zAV0Ge6vpvWklF0s168h4pbG9hE\ncF6aPqAlWMy5pLVRI+3XE1og4MECjqXB9a7HSWlHfur6NSnQlrHhWOCDJBw5zpPu\nAKEfW5GvBaCdxdat1xTFqCu6h5387dtNsBlRrefp9q+fcrGj2Z351Lv7ccG5Co8T\ne/7iNyABu2fmi8x4WFQwS3PY4AsM/2sa+KHfXnttSXcQniXAccg6S1eCaWVqdNfZ\n3LPmeBC5gX3UqDNZTVv+kvHvv7EsD1/6bMeVZlKQZkYAeysbLWdjkA+88f6kaVwD\nqv6mWCGo5k7ZoWCUKD1Zjz8VwBT4EI/2II5D93QgblVkHDX9CESfipIjJBJp7aJ7\nwS2kvdXOko3JDaJbScpGmCnjCb5NhJ1KiBZSzXYHv3uhoqlI5QvYvC1bFHqC2GnT\ncF4syuMELN6nZ/Yoz8sJiT4Ilppz98vLerHbJoJZIPEOh15k8UKaFkdt5CpI8MGK\n4+sL2iWyTtCjGYGuhDkk0KyLcqijybv282VIkXDtAetpi8MTdsE=\n=eH9L\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: log4j security update\nAdvisory ID: RHSA-2022:5053-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5053\nIssue date: 2022-06-15\nCVE Names: CVE-2019-17571 \n=====================================================================\n\n1. Summary:\n\nAn update for log4j is now available for Red Hat Enterprise Linux 6\nExtended Lifecycle Support. 
\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64\n\n3. Description:\n\nLog4j is a tool to help the programmer output log statements to a variety\nof output targets. \n\nSecurity Fix(es):\n\n* log4j: deserialization of untrusted data in SocketServer (CVE-2019-17571)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 6 ELS):\n\nSource:\nlog4j-1.2.14-6.7.el6_10.src.rpm\n\ni386:\nlog4j-1.2.14-6.7.el6_10.i686.rpm\nlog4j-debuginfo-1.2.14-6.7.el6_10.i686.rpm\n\ns390x:\nlog4j-1.2.14-6.7.el6_10.s390x.rpm\nlog4j-debuginfo-1.2.14-6.7.el6_10.s390x.rpm\n\nx86_64:\nlog4j-1.2.14-6.7.el6_10.x86_64.rpm\nlog4j-debuginfo-1.2.14-6.7.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6 ELS):\n\ni386:\nlog4j-debuginfo-1.2.14-6.7.el6_10.i686.rpm\nlog4j-javadoc-1.2.14-6.7.el6_10.i686.rpm\nlog4j-manual-1.2.14-6.7.el6_10.i686.rpm\n\ns390x:\nlog4j-debuginfo-1.2.14-6.7.el6_10.s390x.rpm\nlog4j-javadoc-1.2.14-6.7.el6_10.s390x.rpm\nlog4j-manual-1.2.14-6.7.el6_10.s390x.rpm\n\nx86_64:\nlog4j-debuginfo-1.2.14-6.7.el6_10.x86_64.rpm\nlog4j-javadoc-1.2.14-6.7.el6_10.x86_64.rpm\nlog4j-manual-1.2.14-6.7.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-17571\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYqnJeNzjgjWX9erEAQgGiQ/8DiTAwAZPNPQlrV5ItJ3I3AxT4ruBA995\nbPYquIN3zX0afhrGRMWTs/aD/4vYkbUtLA5QzqYlE1dsbleGHcAbxmSfY+wE8tE7\nBg02UGNI7bru25JPZE5lSuNA8McZw/aBRcorwhSVRiBQ1GbPMQqAimbrNx98r6Qe\nQLupPSuNmbczUOh9X4gbPoqEeIizf8MtYbMS+LbpeIZWH7rELk3t7o63MerkAIYi\nyWjXzL8Xn3ylflXUzdRNIJ8QZC+nU7kgib3Ugm4TbC9F5A0w7TiAomb9qnHOP+mW\n2HoGje7VZIeGX7rwtCIttW5Z9/LztkhXb/Yk1tzMM3Jo/HWgqoP8dULxian7L8aE\nDFlrGSbF0OQTDiYGVgGX2uW89Yi/XbX1nP7q0MtBq0D5P7z7yLKfHNyeksX+TFyV\nkxhUrHY8u3JLvWxWBoRzEH8TOhuoMXRIp/FkDpnnM6dDbwSyQsalGZzWnTqOHSwi\nsZDFnmuLQDUZQtslb4suSRgdQbu0xnvc+i38jbhoEOcH4xJGZnizRY/97wytq3Jp\nnBj2G0sRSMNlbcA4rr0zzTT6K/HiBhI9OWn3n76lj7jySFYrIUmPgCNhZy5dV1vx\nnK0c1WI+oRXn4xT4ekCYQUM/uysgWfeVLr9b2ArwaxMxvc4GiLA713gUgelejl6h\n9kT6WndTNP0=\n=VXI/\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-5998-1\nApril 05, 2023\n\napache-log4j1.2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache Log4j. 
\n\nSoftware Description:\n- apache-log4j1.2: Java-based open-source logging tool\n\nDetails:\n\nIt was discovered that the SocketServer component of Apache Log4j 1.2\nincorrectly handled deserialization. An attacker could possibly use this issue\nto execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. \n(CVE-2019-17571)\n\nIt was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly\nhandled deserialization. An attacker could possibly use this issue to execute\narbitrary code. (CVE-2022-23302)\n\nIt was discovered that Apache Log4j 1.2 incorrectly handled certain SQL\nstatements. A remote attacker could possibly use this issue to perform an SQL\ninjection attack and alter the database. This issue was only fixed in Ubuntu\n18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23305)\n\nIt was discovered that the Chainsaw component of Apache Log4j 1.2 incorrectly\nhandled deserialization. An attacker could possibly use this issue to execute\narbitrary code. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04\nLTS. (CVE-2022-23307)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n liblog4j1.2-java 1.2.17-9ubuntu0.2\n\nUbuntu 18.04 LTS:\n liblog4j1.2-java 1.2.17-8+deb10u1ubuntu0.2\n\nUbuntu 16.04 ESM:\n liblog4j1.2-java 1.2.17-7ubuntu1+esm1\n\nIn general, a standard system update will make all the necessary changes. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202402-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Log4j: Multiple Vulnerabilities\n Date: February 18, 2024\n Bugs: #719146\n ID: 202402-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in Apache Log4j, the worst\nof which can lead to remote code execution. \n\nBackground\n==========\n\nLog4j is a Java logging framework that supports various use cases with a\nrich set of components, a separate API, and a performance-optimized\nimplementation. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------- ------------ ------------\ndev-java/log4j \u003c= 1.2.17 Vulnerable!\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache Log4j. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for log4j. 
We recommend that users\nunmerge it:\n\n # emerge --ask --depclean \"dev-java/log4j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-17571\n https://nvd.nist.gov/vuln/detail/CVE-2019-17571\n[ 2 ] CVE-2020-9488\n https://nvd.nist.gov/vuln/detail/CVE-2020-9488\n[ 3 ] CVE-2020-9493\n https://nvd.nist.gov/vuln/detail/CVE-2020-9493\n[ 4 ] CVE-2022-23302\n https://nvd.nist.gov/vuln/detail/CVE-2022-23302\n[ 5 ] CVE-2022-23305\n https://nvd.nist.gov/vuln/detail/CVE-2022-23305\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202402-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2019-17571" }, { "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "db": "VULHUB", "id": "VHN-149831" }, { "db": "VULMON", "id": "CVE-2019-17571" }, { "db": "PACKETSTORM", "id": "159173" }, { "db": "PACKETSTORM", "id": "165965" }, { "db": "PACKETSTORM", "id": "165943" }, { "db": "PACKETSTORM", "id": "168829" }, { "db": "PACKETSTORM", "id": "167493" }, { "db": "PACKETSTORM", "id": "171759" }, { "db": "PACKETSTORM", "id": "177171" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-17571", "trust": 3.3 }, { "db": "PACKETSTORM", "id": "159173", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "167493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165965", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165943", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-013606", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201912-950", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.0599", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3154", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0120.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2010", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1427", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0098", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0120", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021415", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010302", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021018", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072128", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072503", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012001", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-149831", "trust": 0.1 }, { "db": 
"VULMON", "id": "CVE-2019-17571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168829", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "171759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "177171", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-149831" }, { "db": "VULMON", "id": "CVE-2019-17571" }, { "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "db": "PACKETSTORM", "id": "159173" }, { "db": "PACKETSTORM", "id": "165965" }, { "db": "PACKETSTORM", "id": "165943" }, { "db": "PACKETSTORM", "id": "168829" }, { "db": "PACKETSTORM", "id": "167493" }, { "db": "PACKETSTORM", "id": "171759" }, { "db": "PACKETSTORM", "id": "177171" }, { "db": "CNNVD", "id": "CNNVD-201912-950" }, { "db": "NVD", "id": "CVE-2019-17571" } ] }, "id": "VAR-201912-0889", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-149831" } ], "trust": 0.01 }, "last_update_date": "2024-02-22T20:10:54.285000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", "trust": 0.8, "url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e" }, { "title": "[jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", "trust": 0.8, "url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e" }, { "title": "[jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "trust": 0.8, "url": 
"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e" }, { "title": "[jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", "trust": 0.8, "url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e" }, { "title": "[jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", "trust": 0.8, "url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e" }, { "title": "[CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", "trust": 0.8, "url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e" }, { "title": "Apache Log4j Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=105686" }, { "title": "Red Hat: Important: log4j security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225053 - security advisory" }, { "title": "Debian Security Advisories: DSA-4686-1 apache-log4j1.2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9b0c6a9bccfd00e69ffdf79166adb985" }, { "title": "Debian CVElist Bug Report Logs: apache-log4j1.2: CVE-2019-17571", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9b1a2b3bcff03a4370bb153cc1e9d89e" }, { "title": "Red Hat: Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220507 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update", "trust": 
0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220497 - security advisory" }, { "title": "IBM: Security Bulletin: The vulnerability (net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact) found Network Performance Insight (CVE-2019-17571)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ef95ec07d1eed2c8e39fcac3eda0652d" }, { "title": "Amazon Linux AMI: ALAS-2022-1562", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1562" }, { "title": "IBM: Security Bulletin: Vulnerabilities from log4j affect IBM Operations Analytics \u2013 Log Analysis (CVE-2019-17571, CVE-2020-9488)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=50fa9043c45905a52ed66dfe1c3ccd01" }, { "title": "IBM: Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b53b65c38e4d1ebaa2753d9afd7fa517" }, { "title": "IBM: Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a0cbd5f5df3a9f322684d99eeb2b9429" }, { "title": "Hello World for Apache Wicket 6.31.0-SNAPSHOT", "trust": 0.1, "url": "https://github.com/mahiratan/apache " }, { "title": "Deprecated", "trust": 0.1, "url": "https://github.com/michaeltandy/log4j-json " }, { "title": "FloreantPOS", "trust": 0.1, "url": "https://github.com/fat-tire/floreantpos " }, { "title": "Hello World for Apache Wicket 6.31.0-SNAPSHOT", "trust": 0.1, "url": "https://github.com/rajuyelagattu/gopi " }, { "title": "Hello World for Apache Wicket 6.31.0-SNAPSHOT", "trust": 0.1, "url": 
"https://github.com/janimakinen/hello-world-apache-wicket " }, { "title": "Fix-Signature Tracking (FixSigTrack)", "trust": 0.1, "url": "https://github.com/sa-ne/fixsigtrack " }, { "title": "OPEN HTML TO PDF", "trust": 0.1, "url": "https://github.com/orgtestcodacy11krepos110mb/repo-5360-openhtmltopdf " }, { "title": "Log4j RELP Plugin", "trust": 0.1, "url": "https://github.com/teragrep/jla_05 " }, { "title": "log4j-scanner", "trust": 0.1, "url": "https://github.com/bluestoneag/log4j-scanner " }, { "title": "", "trust": 0.1, "url": "https://github.com/shadow-horse/cve-2019-17571 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-17571" }, { "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "db": "CNNVD", "id": "CNNVD-201912-950" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-149831" }, { "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "db": "NVD", "id": "CVE-2019-17571" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17571" }, { "trust": 1.7, "url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200110-0001/" }, { "trust": 1.7, "url": "https://www.debian.org/security/2020/dsa-4686" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.7, "url": 
"https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/4495-1/" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad%40%3cusers.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e%40%3cuser.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3cusers.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e%40%3clog4j-user.logging.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867eabfc52%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03%40%3cjira.kafka.apache.org%3e" }, { 
"trust": 1.0, "url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd%40%3cusers.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2%40%3cdev.jena.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r90c23eb8c82835fa82df85ae5e88c81fd9241e20a22971b0fb8f2c34%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f%40%3cpluto-dev.portals.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3cusers.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc%40%3ccommits.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d527bc9870176f488a494f09a40500d%40%3ccommon-dev.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd%40%3cdev.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3ccommits.pulsar.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47%40%3cdev.tinkerpop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679%40%3cissues.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347%40%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b%40%3cpluto-dev.portals.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151c3%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94%40%3cpluto-scm.portals.apache.org%3e" }, { "trust": 1.0, "url": 
"https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3ccommits.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c%40%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3cdev.tika.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80%40%3cpluto-dev.portals.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9%40%3cjira.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-17571" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17571" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad@%3cusers.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3cusers.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3cusers.activemq.apache.org%3e" 
}, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3cusers.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rb3c94619728c8f8c176d8e175e0a1086ca737ecdfcd5a2214bb768bc@%3ccommits.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/re36da78e4f3955ba6c1c373a2ab85a4deb215ca74b85fcd66142fea1@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r594411f4bddebaf48a4c70266d0b7849e0d82bb72826f61b3a35bba7@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6d34da5a0ca17ab08179a30c971446c7421af0e96f6d60867eabfc52@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdb7ddf28807e27c7801f6e56a0dfb31092d34c61bdd4fa2de9182119@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra18a903f785aed9403aea38bc6f36844a056283c00dcfc6936b6318c@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf53eeefb7e7e524deaacb9f8671cbf01b8a253e865fb94e7656722c0@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r90c23eb8c82835fa82df85ae5e88c81fd9241e20a22971b0fb8f2c34@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rfdf65fa675c64a64459817344e0e6c44d51ee264beea6e5851fb60dc@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8418a0dff1729f19cf1024937e23a2db4c0f94f2794a423f5c10e8e7@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/ra9611a8431cb62369bce8909d7645597e1dd45c24b448836b1e54940@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rcd71280585425dad7e232f239c5709e425efdd0d3de4a92f808a4767@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740@%3ccommits.druid.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rbd19de368abf0764e4383ec44d527bc9870176f488a494f09a40500d@%3ccommon-dev.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r26244f9f7d9a8a27a092eb0b2a0ca9395e88fcde8b5edaeca7ce569c@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9fb3238cfc3222f2392ca6517353aadae18f76866157318ac562e706@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8c6300245c0bcef095e9f07b48157e2c6471df0816db3408fcf1d748@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6b45a2fcc8e98ac93a179183dbb7f340027bdb8e3ab393418076b153@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8c392ca48bb7e50754e4bc05865e9731b23d568d18a520fe3d8c1f75@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r13d4b5c60ff63f3c4fab51d6ff266655be503b8a1884e2f2fab67c3a@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd7805c1bf9388968508c6c8f84588773216e560055ddcc813d19f347@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r1b7734dfdfd938640f2f5fb6f4231a267145c71ed60cc7faa1cbac07@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9@%3ccommon-issues.hadoop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8d78a0fbb56d505461e29868d1026e98c402e6a568c13a6da67896a2@%3cdev.jena.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb41b53ffdf358d@%3cdev.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3bf7b982dfa0779f8a71f843d2aa6b4184a53e6be7f149ee079387fd@%3cdev.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718fa8edcc4325e4@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r2756fd570b6709d55a61831ca028405bcb3e312175a60bc5d911c81f@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3c575cabc7386e646fb12cb82b0b38ae5a6ade8a800f827107824495@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r189aaeaad897f7d6b96f7c43a8ef2dfb9f6e9f8c1cc9ad182ce9b9ae@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8a1cfd4705258c106e488091fcec85f194c82f2bbde6bd151e201870@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r696507338dd5f44efc23d98cafe30f217cf3ba78e77ed1324c7a5179@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf9c19bcc2f7a98a880fa3e3456c003d331812b55836b34ef648063c9@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/r71e26f9c2d5826c6f95ad60f7d052d75e1e70b0d2dd853db6fc26d5f@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r7f462c69d5ded4c0223e014d95a3496690423c5f6f05c09e2f2a407a@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r7a1acc95373105169bd44df710c2f462cad31fb805364d2958a5ee03@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r5c084578b3e3b40bd903c9d9e525097421bcd88178e672f612102eb2@%3cjira.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rda4849c6823dd3e83c7a356eb883180811d5c28359fe46865fd151c3@%3cusers.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3cusers.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6236b5f8646d48af8b66d5050f288304016840788e508c883356fe0e@%3clog4j-user.logging.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9a9e3b42cd5d1c4536a14ef04f75048dec8e2740ac6a138ea912177f@%3cpluto-dev.portals.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf77f79699c8d7e430c14cf480f12ed1297e6e8cf2ed379a425941e80@%3cpluto-dev.portals.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd882ab6b642fe59cbbe94dc02bd197342058208f482e57b537940a4b@%3cpluto-dev.portals.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/reaf6b996f74f12b4557bc221abe88f58270ac583942fa41293c61f94@%3cpluto-scm.portals.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3ccommits.pulsar.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3cdev.tika.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47@%3cdev.tinkerpop.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3ccommits.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rbdf18e39428b5c80fc35113470198b1fe53b287a76a46b0f8780b5fd@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ra54fa49be3e773d99ccc9c2a422311cf77e3ecd3b8594ee93043a6b1@%3cdev.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546a8f13ebd3aa05f@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": 
"https://lists.apache.org/thread.html/r944183c871594fe9a555b8519a7c945bbcf6714d72461aa6c929028f@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r6aec6b8f70167fa325fb98b3b5c9ce0ffaed026e697b69b85ac24628@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r356d57d6225f91fdc30f8b0a2bed229d1ece55e16e552878c5fa809a@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rc628307962ae1b8cc2d21b8e4b7dd6d7755b2dd52fa56a151a27e4fd@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r909b8e3a36913944d3b7bafe9635d4ca84f8f0e2cd146a1784f667c2@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r9d0d03f2e7d9e13c68b530f81d02b0fec33133edcf27330d8089fcfb@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r3cf50d05ce8cec8c09392624b7bae750e7643dae60ef2438641ee015@%3cissues.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf1b434e11834a4449cd7addb69ed0aef0923112b5938182b363a968c@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159@%3cnotifications.zookeeper.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r4ac89cbecd9e298ae9fafb5afda6fa77ac75c78d1ac957837e066c4e@%3cuser.zookeeper.apache.org%3e" }, { "trust": 0.6, "url": "https://www.debian.org/lts/security/2020/dla-2064" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014267-1.html" }, { "trust": 0.6, "url": 
"https://www.suse.com/support/update/announcement/2020/suse-su-20200053-1.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200054-1.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2010" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-for-manufacturing-2-0-is-affected-by-vulnerabilities-of-log4j-1-2-17-log4j-deserialization-remote-code-execution-cve-2019-17571/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1427/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165965/red-hat-security-advisory-2022-0507-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0120.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0098/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0120/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-and-log4j-affect-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-3/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-log4j-vulnerability-cve-2019-17571/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159173/ubuntu-security-notice-usn-4495-1.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-the-vanruability-net-sf-ehcache-blocking-in-fasterxml-jackson-databind-has-an-unknown-impact-found-network-performance-insight-cve-2019-17571/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072503" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072128" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6519984" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0599" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167493/red-hat-security-advisory-2022-5053-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-ibm-java-runtime-log4j-and-apache-commons-affect-ibm-spectrum-protect-snapshot-for-vmware/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-ibm-lks-art-agent/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-found-in-apache-log4j-v1-x-may-affect-ibm-enterprise-records/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021018" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021415" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-17571/" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-publicly-disclosed-vulnerability/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-log4j-1-2-code-execution-via-socket-server-deserialization-31193" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012001" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165943/red-hat-security-advisory-2022-0497-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010302" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3154/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.3, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-9488" }, { "trust": 0.2, "url": "https://access.redhat.com/site/solutions/625683)" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23307" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.services.platform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4104" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23305" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23302" }, { "trust": 0.2, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4495-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-8+deb10u1build0.18.04.1" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0507" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0497" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/apache-log4j1.2" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:5053" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5998-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-9ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-8+deb10u1ubuntu0.2" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/202402-16" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9493" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
} ], "sources": [ { "db": "VULHUB", "id": "VHN-149831" }, { "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "db": "PACKETSTORM", "id": "159173" }, { "db": "PACKETSTORM", "id": "165965" }, { "db": "PACKETSTORM", "id": "165943" }, { "db": "PACKETSTORM", "id": "168829" }, { "db": "PACKETSTORM", "id": "167493" }, { "db": "PACKETSTORM", "id": "171759" }, { "db": "PACKETSTORM", "id": "177171" }, { "db": "CNNVD", "id": "CNNVD-201912-950" }, { "db": "NVD", "id": "CVE-2019-17571" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-149831" }, { "db": "VULMON", "id": "CVE-2019-17571" }, { "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "db": "PACKETSTORM", "id": "159173" }, { "db": "PACKETSTORM", "id": "165965" }, { "db": "PACKETSTORM", "id": "165943" }, { "db": "PACKETSTORM", "id": "168829" }, { "db": "PACKETSTORM", "id": "167493" }, { "db": "PACKETSTORM", "id": "171759" }, { "db": "PACKETSTORM", "id": "177171" }, { "db": "CNNVD", "id": "CNNVD-201912-950" }, { "db": "NVD", "id": "CVE-2019-17571" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-20T00:00:00", "db": "VULHUB", "id": "VHN-149831" }, { "date": "2019-12-20T00:00:00", "db": "VULMON", "id": "CVE-2019-17571" }, { "date": "2020-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "date": "2020-09-15T17:05:37", "db": "PACKETSTORM", "id": "159173" }, { "date": "2022-02-11T15:46:06", "db": "PACKETSTORM", "id": "165965" }, { "date": "2022-02-10T16:17:02", "db": "PACKETSTORM", "id": "165943" }, { "date": "2020-05-28T19:12:00", "db": "PACKETSTORM", "id": "168829" }, { "date": "2022-06-20T00:19:05", "db": "PACKETSTORM", "id": "167493" }, { "date": "2023-04-06T14:37:27", "db": "PACKETSTORM", "id": "171759" }, { "date": "2024-02-19T14:10:03", "db": "PACKETSTORM", "id": "177171" }, { 
"date": "2019-12-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-950" }, { "date": "2019-12-20T17:15:11.893000", "db": "NVD", "id": "CVE-2019-17571" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-14T00:00:00", "db": "VULHUB", "id": "VHN-149831" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2019-17571" }, { "date": "2020-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013606" }, { "date": "2023-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-950" }, { "date": "2023-11-07T03:06:20.543000", "db": "NVD", "id": "CVE-2019-17571" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "177171" }, { "db": "CNNVD", "id": "CNNVD-201912-950" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Log4j Vulnerable to unreliable data deserialization", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013606" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-950" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0274">var-200904-0274</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in 
the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0990. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database, Oracle Audit Vault, Oracle Application Server, Oracle Outside In SDK HTML Export, Oracle XML Publisher, Oracle BI Publisher, Oracle E-Business Suite, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Oracle WebLogic Server (formerly BEA WebLogic Server), Oracle Data Service Integrator, Oracle AquaLogic Data Services Platform, and Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends deleting the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>[Note: the "SOLUTION" (deleting GdFileConv.exe) and "Fixed in Good Messaging Server" statements above appear to come from a separate advisory merged into this entry, not from Oracle's own advisory. For the Oracle products listed in this entry, the remediation is the April 2009 Critical Patch Update described under "III. Solution".]</p> <p>I. Description</p> <p>The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. 
If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> <http://www.us-cert.gov/cas/techalerts/TA09-105A.html> </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. 
</p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. </p> <p>Terms of use:</p> <pre><code> <http://www.us-cert.gov/legal.html> </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some of the vulnerabilities have unknown impacts; others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused by unspecified errors. No more information is currently available. 
</p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint; 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third-party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0274" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br /> 
<div class="collapse" id="collapseJsonvar-200904-0274"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0274">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0274", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "5.6.2" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "application server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "application server 10g", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": 
"bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "db": "NVD", "id": "CVE-2009-0989" }, { "db": "CNNVD", "id": "CNNVD-200904-307" } ] }, 
"configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:application_server:5.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0989" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-307" } ], "trust": 0.6 }, "cve": "CVE-2009-0989", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 8.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-0989", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0989", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-307", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "db": "NVD", "id": "CVE-2009-0989" }, { "db": "CNNVD", "id": "CNNVD-200904-307" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0990. 
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. 
Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. 
\n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. 
\n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0989" }, { "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0989", "trust": 2.7 }, { "db": "SECUNIA", "id": "34693", "trust": 2.6 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "OSVDB", "id": "53742", "trust": 2.4 }, { "db": "SECTRACK", "id": "1022055", "trust": 2.4 }, { "db": "BID", "id": "34461", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2009-1042", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001236", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200904-307", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0989" }, { "db": "CNNVD", "id": "CNNVD-200904-307" } ] }, "id": "VAR-200904-0274", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:25:45.965000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpuapr2009", "trust": 0.8, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "title": "090417_86", "trust": 0.8, "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html" }, { "title": "TA09-105A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html" }, { "title": "Oracle Application Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158171" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "db": "CNNVD", "id": "CNNVD-200904-307" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0989" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://osvdb.org/53742" }, { "trust": 2.4, "url": "http://secunia.com/advisories/34693" }, { "trust": 2.4, "url": "http://www.securitytracker.com/id?1022055" }, { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 
1.6, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0989" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta09-105a/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2009-11/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0989" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2009/1042" }, { "trust": 0.7, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": 
"http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": 
"http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0989" }, { "db": "CNNVD", "id": "CNNVD-200904-307" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0989" }, { "db": "CNNVD", "id": "CNNVD-200904-307" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.610000", "db": "NVD", "id": "CVE-2009-0989" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-307" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2009-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001236" }, { "date": "2021-07-28T18:42:05.047000", "db": "NVD", "id": "CVE-2009-0989" }, { "date": "2021-08-02T00:00:00", "db": "CNNVD", 
"id": "CNNVD-200904-307" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-307" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Application Server of BI Publisher Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001236" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-307" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-201607-0174">var-201607-0174</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. 
The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle 
Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in Integrated Lights Out Manager. The vulnerability can be exploited over the 'HTTPS' protocol. The 'Emulex' sub component is affected. 
This vulnerability affects the following supported versions: 3.0, 3.1, 3.2</p></p> <a href="https://www.variotdbs.pl/vuln/VAR-201607-0174" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-201607-0174"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-201607-0174">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id":
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0174", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.1" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 3.0, "vendor": "oracle", "version": "3.0" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.092" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.091" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.0101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.0115" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "webcenter sites", "scope": "eq", 
"trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.8" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.3.5" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.2.12" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.12.0.1.16" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.5.4" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.11.0.4.41" }, { "model": "utilities network management system", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "1.10.0.6.27" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.5" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.7" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.6" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "6.3" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "sun network qdr infiniband gateway switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2" }, { "model": "sun data center infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "362.2.2" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3" }, { "model": "solaris cluster", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"11.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "siebel applications ip2016", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2015", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications ip2014", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5" }, { "model": "siebel applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail store inventory management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail 
service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail service backbone", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "retail order broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "14.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "12.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "primavera contract management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.16.0" }, { "model": "policy automation for mobile devices", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation connector for siebel", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "10.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.6" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.5" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.3" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.2" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.1" }, { "model": "policy automation", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise fscm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.1" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.2" }, { "model": "outside in technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1" }, { "model": "outside in 
technology", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.48" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.47" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.46" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.45" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.42" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.41" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.40" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql server", "scope": 
"eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.44" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.43" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.36" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.35" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.5.49" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8.1" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.8" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.7" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.6" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.5" }, { "model": "micros retail xbri loss prevention", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "jrockit r28.3.10", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.30" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.24.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "jdeveloper", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.6.1" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "insurance policy administration j2ee", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.2" }, { "model": "in-memory policy analytics", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "hyperion financial reporting", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4" }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0" }, { "model": "http server 11g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "healthcare analytics data integration", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0.0.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.2.8.3" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences clinical development center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.1.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.23.0" }, { "model": "fusion 
middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.22.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.17.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.10" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.9" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.8" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.7" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.6" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.5" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.4" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "fusion applications", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "2290" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.1" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.3" }, { "model": "flexcube direct banking", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "enterprise manager for fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "enterprise manager base 
platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.3" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "documaker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "demand planning", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "211.2.0.4" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.0" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9" }, { "model": "communications operations monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.530.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.529.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0.5.33.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "7.0.5" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications messaging server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "communications eagle application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2" }, { "model": "communications asap", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2.1.0.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.0.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.5.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.1" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4.0" }, { "model": "banking platform", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "2.3.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.3.00.08" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "application express", "scope": "eq", "trust": 
0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.5" }, { "model": "agile plm", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.3.4" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.43" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.2" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.0.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.8" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "db2", "scope": 
"eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" } ], "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91952" }, { "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "db": "NVD", "id": "CVE-2016-3585" }, { "db": "CNNVD", "id": "CNNVD-201607-777" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-3585" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91952" } ], "trust": 0.6 }, "cve": "CVE-2016-3585", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-3585", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": 
"NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-92404", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.4, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-3585", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-3585", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201607-777", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-92404", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-3585", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-92404" }, { "db": "VULMON", "id": "CVE-2016-3585" }, { "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "db": "NVD", "id": "CVE-2016-3585" }, { "db": "CNNVD", "id": "CNNVD-201607-777" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified 
vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance 
Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in Integrated Lights Out Manager. \nThe vulnerability can be exploited over the \u0027HTTPS\u0027 protocol. The \u0027Emulex\u0027 sub component is affected. 
\nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2", "sources": [ { "db": "NVD", "id": "CVE-2016-3585" }, { "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91952" }, { "db": "VULHUB", "id": "VHN-92404" }, { "db": "VULMON", "id": "CVE-2016-3585" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-3585", "trust": 2.9 }, { "db": "BID", "id": "91787", "trust": 1.5 }, { "db": "BID", "id": "91952", "trust": 1.5 }, { "db": "SECTRACK", "id": "1036408", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2016-003872", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201607-777", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-92404", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-3585", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-92404" }, { "db": "VULMON", "id": "CVE-2016-3585" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91952" }, { "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "db": "NVD", "id": "CVE-2016-3585" }, { "db": "CNNVD", "id": "CNNVD-201607-777" } ] }, "id": "VAR-201607-0174", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-92404" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:11:03.083000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63137" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-3585" }, { "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "db": "CNNVD", "id": "CNNVD-201607-777" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-3585" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/91952" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1036408" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3585" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3585" }, { 
"trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx216642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152" } ], "sources": [ { "db": "VULHUB", "id": "VHN-92404" }, { "db": "VULMON", "id": "CVE-2016-3585" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91952" }, { "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "db": "NVD", "id": "CVE-2016-3585" }, { "db": "CNNVD", "id": "CNNVD-201607-777" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-92404" }, { "db": "VULMON", "id": "CVE-2016-3585" }, { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91952" }, { "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "db": "NVD", "id": "CVE-2016-3585" }, { "db": "CNNVD", "id": "CNNVD-201607-777" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-21T00:00:00", "db": "VULHUB", "id": "VHN-92404" }, { "date": "2016-07-21T00:00:00", "db": "VULMON", "id": "CVE-2016-3585" }, { "date": "2016-07-15T00:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91952" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "date": "2016-07-21T10:14:24.237000", "db": "NVD", "id": "CVE-2016-3585" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-777" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-01T00:00:00", "db": "VULHUB", "id": "VHN-92404" }, { "date": "2017-09-01T00:00:00", "db": "VULMON", "id": "CVE-2016-3585" }, { "date": "2018-10-15T09:00:00", "db": "BID", "id": "91787" }, { "date": "2016-07-19T00:00:00", "db": "BID", "id": "91952" }, { "date": "2016-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003872" }, { "date": "2017-09-01T01:29:15.740000", "db": "NVD", "id": "CVE-2016-3585" }, { "date": "2016-07-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-777" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91952" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Sun Systems Products Suite of ILOM In Emulex Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003872" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "91787" }, { "db": "BID", "id": "91952" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/var-200904-0416">var-200904-0416</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://www.variotdbs.pl/vulns/" rel="noreferrer" target="_blank">variot</a> </h6> <p class="card-text"><p>Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 
12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------</p> <p>Are you missing:</p> <p>SECUNIA ADVISORY ID:</p> <p>Critical:</p> <p>Impact:</p> <p>Where:</p> <p>within the advisory below?</p> <p>This is now part of the Secunia commercial solutions. </p> <p>For more information see vulnerability #6 through #9 in: SA34693</p> <p>SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. </p> <p>Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. </p> <p>I. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. </p> <p>Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. </p> <p>II. Impact</p> <p>The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. 
Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. </p> <p>III. Solution</p> <p>Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. </p> <p>IV. References</p> <ul> <li> <p>Oracle Critical Patch Update Advisory - April 2009 - <a href="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</a></p> </li> <li> <p>Critical Patch Updates and Security Alerts - <a href="http://www.oracle.com/technology/deploy/security/alerts.htm">http://www.oracle.com/technology/deploy/security/alerts.htm</a></p> </li> <li> <p>Map of Public Vulnerability to Advisory/Alert - <a href="http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html">http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html</a></p> </li> </ul> <hr /> <p>The most recent version of this document can be found at:</p> <pre><code> &lt;http://www.us-cert.gov/cas/techalerts/TA09-105A.html&gt; </code></pre> <hr /> <p>Feedback can be directed to US-CERT Technical Staff. Please send email to <a href="mailto:cert@cert.org">cert@cert.org</a> with "TA09-105A Feedback VU#955892" in the subject. </p> <hr /> <p>For instructions on subscribing to or unsubscribing from this mailing list, visit <a href="http://www.us-cert.gov/cas/signup.html">http://www.us-cert.gov/cas/signup.html</a>. </p> <hr /> <p>Produced 2009 by US-CERT, a government organization. 
</p> <p>Terms of use:</p> <pre><code> &lt;http://www.us-cert.gov/legal.html&gt; </code></pre> <hr /> <p>Revision History</p> <p>April 15, 2009: Initial release</p> <p>-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)</p> <p>iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------</p> <p>Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people to compromise a vulnerable system. </p> <p>1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP. </p> <p>2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. </p> <p>3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER". </p> <p>The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. </p> <p>PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security</p> <p>The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. 
* Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev</p> <p>ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html</p> <p>ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/</p> <p>Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html</p> <hr /> <p>About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. </p> <p>Subscribe: http://secunia.com/advisories/secunia_security_advisories/</p> <p>Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/</p> <p>Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
</p> <hr /> <p>Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org</p> <hr /></p> <a href="https://www.variotdbs.pl/vuln/VAR-200904-0416" class="card-link" rel="noreferrer" target="_blank">Show details on source website</a> <br /><br />
<div class="collapse" id="collapseJsonvar-200904-0416"> <br /> <div class="card card-body"> <pre class="json-container" id="containervar-200904-0416">{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": 
"https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0416", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "e-business suite 12", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "12.0.6" }, { "model": "e-business suite", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "11i10cu2" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.01" }, { "model": "systems weblogic portal sp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle9i personal edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.49" }, { "model": "oracle11g standard edition one", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "data service integrator", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.3" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2.3.0" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, 
"vendor": "oracle", "version": "3.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.06" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "systems weblogic portal sp6", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "xml publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.2" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.11" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.13" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.04" }, { "model": "oracle11g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.1" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.07" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "systems weblogic portal sp2", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", 
"version": "10.2.0.4" }, { "model": "systems weblogic portal sp5", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.3" }, { "model": "systems weblogic portal sp3", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "systems weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.1" }, { "model": "systems weblogic server maintenance pack", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.13" }, { "model": "oracle9i standard edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "oracle9i enterprise edition .8dv", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.5" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": 
"10.1.3.3.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.1" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.3.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.12" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.15" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.05" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.16" }, { "model": "systems weblogic server mp1", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "10.0" }, { "model": "peoplesoft enterprise hrms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9" }, { "model": "audit vault", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.3" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.02" }, { "model": "systems weblogic portal sp4", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.1" }, { "model": "bi publisher", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.4" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "8.12" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": 
"oracle", "version": "10.3" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.11" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.6" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.8" }, { "model": "oracle11g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.16" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0.0.14" }, { "model": "systems weblogic server sp", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.03" }, { "model": "systems weblogic server sp7", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "7.0" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.2" }, { "model": "outside in sdk html export", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.2.2" }, { "model": "aqualogic data services platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "systems weblogic server", "scope": "eq", "trust": 0.3, "vendor": "bea", "version": "9.0" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004529" }, { "db": "NVD", "id": "CVE-2009-0995" }, { "db": "CNNVD", "id": "CNNVD-200904-313" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:a:oracle:e-business_suite_12:12.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:11i10cu2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0995" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-313" } ], "trust": 0.6 }, "cve": "CVE-2009-0995", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", 
"baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-0995", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-0995", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-313", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004529" }, { "db": "NVD", "id": "CVE-2009-0995" }, { "db": "CNNVD", "id": "CNNVD-200904-313" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. 
See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. 
References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. 
\n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-0995" }, { "db": "JVNDB", "id": "JVNDB-2009-004529" }, { "db": "BID", "id": "34461" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0995", "trust": 2.7 }, { "db": "USCERT", "id": "TA09-105A", "trust": 2.5 }, { "db": "SECUNIA", "id": "34693", "trust": 1.8 }, { "db": "OSVDB", "id": "53754", "trust": 1.6 }, { "db": "SECTRACK", "id": "1022056", "trust": 1.6 }, { "db": "BID", "id": "34461", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2009-004529", "trust": 0.8 }, { "db": "CERT/CC", "id": "TA09-105A", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-313", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-09-017", "trust": 0.4 }, { "db": "SECUNIA", "id": "35135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77574", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76704", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004529" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0995" }, { "db": "CNNVD", "id": "CNNVD-200904-313" } ] }, "id": "VAR-200904-0416", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.065972224 }, "last_update_date": "2023-12-18T11:13:16.951000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Critical Patch Update Advisory - April 2009", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004529" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0995" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html" }, { "trust": 1.6, "url": "http://osvdb.org/53754" }, { "trust": 1.6, "url": "http://secunia.com/advisories/34693" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1022056" }, { "trust": 1.3, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/34461" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0995" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0995" }, { "trust": 0.4, "url": 
"http://www.zerodayinitiative.com/advisories/zdi-09-017/" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html" }, { "trust": 0.4, "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-23/" }, { "trust": 0.3, "url": "http://secunia.com/secunia_research/2009-22/" }, { "trust": 0.3, "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml" }, { "trust": 0.3, "url": "http://www.oracle.com" }, { "trust": 0.3, "url": "/archive/1/502845" }, { "trust": 0.3, "url": "/archive/1/502707" }, { "trust": 0.3, "url": "/archive/1/502697" }, { "trust": 0.3, "url": "/archive/1/502727" }, { "trust": 0.3, "url": "/archive/1/502723" }, { "trust": 0.3, "url": "/archive/1/506160" }, { "trust": 0.3, "url": "/archive/1/502724" }, { "trust": 0.3, "url": "/archive/1/502683" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html" }, { "trust": 0.3, "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": 
"http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/34693/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35135/" }, { "trust": 0.1, "url": "http://www.good.com/faq/18431.html" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e" }, { "trust": 0.1, "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004529" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0995" }, { "db": "CNNVD", "id": "CNNVD-200904-313" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34461" }, { "db": "JVNDB", "id": "JVNDB-2009-004529" }, { "db": "PACKETSTORM", "id": "77574" }, { "db": "PACKETSTORM", "id": "76710" }, { "db": "PACKETSTORM", "id": "76704" }, { "db": "NVD", "id": "CVE-2009-0995" }, { "db": "CNNVD", "id": "CNNVD-200904-313" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004529" }, { "date": "2009-05-18T15:35:49", "db": "PACKETSTORM", "id": "77574" }, { "date": "2009-04-15T23:15:44", "db": "PACKETSTORM", "id": "76710" }, { "date": "2009-04-15T15:08:54", "db": "PACKETSTORM", "id": "76704" }, { "date": "2009-04-15T10:30:00.717000", "db": "NVD", "id": "CVE-2009-0995" }, { "date": "2009-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-313" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-09-01T16:22:00", "db": "BID", "id": "34461" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004529" }, { "date": "2012-10-23T03:04:28.210000", "db": "NVD", "id": "CVE-2009-0995" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-313" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76710" }, { "db": "CNNVD", "id": "CNNVD-200904-313" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle E-Business Suite of Oracle Applications Framework Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004529" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-313" } ], "trust": 0.6 } }</pre> </div> </div> </div> </div> <br /> <div class="card"> <div class="card-body"> <h5 class="card-title"><a href="/vuln/cve-2017-3248">cve-2017-3248</a></h5> <h6 class="card-subtitle mb-2 text-body-secondary"> Vulnerability from <a href="https://github.com/CVEProject/cvelistV5" rel="noreferrer" target="_blank">cvelistv5</a> </h6> <div class="row"> <div class="col-md-2 fw-bold">Published</div><div class="col">2017-01-27 22:01</div> </div> <div class="row"> <div class="col-md-2 fw-bold">Modified</div><div class="col">2024-10-09 19:48</div> </div> <div class="row"> <div class="col-md-2 fw-bold" data-bs-toggle="tooltip" data-bs-placement="right" title="The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.">Severity <span style="color: green;">?</span></div> <div class="col"> </div> </div> <div class="row" hidden> <div class="col-md-2 fw-bold" data-bs-toggle="tooltip" data-bs-placement="left" title="Exploit 
Prediction Scoring System (EPSS) from FIRST. The EPSS score is representing the probability of exploitation in the wild in the next 30 days.">EPSS score <span style="color: green;">?</span></div> <div class="col"> <span id="epss-score"></span> <span id="epss-percentile" style="text-decoration:underline dotted" data-bs-toggle="tooltip" data-bs-placement="right" title="The percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score."></span> </div> </div> <div class="row"> <div class="col-md-2 fw-bold">Summary</div><div class="col">Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. 
CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).</div> </div> <div class="row"> <div class="col-md-2 fw-bold">References</div> <div class="col"> <table class="table table-borderless table-hover"> <thead> <tr data-bs-toggle="collapse" data-bs-target="#collapseReferenceTablecve-2017-3248" aria-expanded="false" aria-controls="collapseReferenceTablecve-2017-3248"> <th scope="col" style="width: 20px;"><span class="chevron" >▼</span></th><th scope="col">URL</th><th scope="col">Tags</th> </tr> </thead> <tbody class="collapse" id="collapseReferenceTablecve-2017-3248"> <tr><td></td><td><a href="https://www.exploit-db.com/exploits/44998/" rel="noreferrer" target="_blank">https://www.exploit-db.com/exploits/44998/</a></td><td>exploit, x_refsource_EXPLOIT-DB</td></tr> <tr><td></td><td><a href="https://www.tenable.com/security/research/tra-2017-07" rel="noreferrer" target="_blank">https://www.tenable.com/security/research/tra-2017-07</a></td><td>x_refsource_MISC</td></tr> <tr><td></td><td><a href="http://www.securityfocus.com/bid/95465" rel="noreferrer" target="_blank">http://www.securityfocus.com/bid/95465</a></td><td>vdb-entry, x_refsource_BID</td></tr> <tr><td></td><td><a href="http://www.securitytracker.com/id/1037632" rel="noreferrer" target="_blank">http://www.securitytracker.com/id/1037632</a></td><td>vdb-entry, x_refsource_SECTRACK</td></tr> <tr><td></td><td><a href="http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" rel="noreferrer" target="_blank">http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html</a></td><td>x_refsource_CONFIRM</td></tr> <tr><td></td><td><a href="http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html" rel="noreferrer" target="_blank">http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html</a></td><td>x_refsource_MISC</td></tr> 
</table> </tbody> </div> </div> <div class="row"> <div class="col-md-2 fw-bold">Impacted products</div> <div class="col"> <table class="table table-borderless table-hover"> <thead> <tr> <th scope="col" style="width: 20px;"></th> <th scope="col">Vendor</th> <th scope="col">Product</th> <th scope="col">Version</th> </tr> </thead> <tbody> <!-- First Row with Toggle for the First Element --> <tr data-bs-toggle="collapse" data-bs-target="#collapseProductTablecve-2017-3248" aria-expanded="false" aria-controls="collapseProductTablecve-2017-3248"> <td><span class="chevron">▼</span></td> <td><a href="/search?vendor=Oracle">Oracle</a></td> <td><a href="/search?vendor=Oracle&product=WebLogic+Server">WebLogic Server</a></td> <td> <b>Version:</b> 10.3.6.0<br /> <b>Version:</b> 12.1.3.0<br /> <b>Version:</b> 12.2.1.0<br /> <b>Version:</b> 12.2.1.1<br /> </td> </tr> <!-- Remaining Rows in the Loop --> <tr class="collapse" id="collapseProductTablecve-2017-3248"> <td colspan="4"> <table class="table table-borderless"> <tbody> </tbody> </table> </td> </tr> </tbody> </table> </div> </div> <a href="https://nvd.nist.gov/vuln/detail/cve-2017-3248" class="card-link" rel="noreferrer" target="_blank">Show details on NVD website</a> <br /><br />
<div class="collapse" id="collapseJsoncve-2017-3248"> <br /> <div class="card card-body"> <pre class="json-container" id="containercve-2017-3248">{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:23:33.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44998", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44998/" 
}, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2017-07" }, { "name": "95465", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95465" }, { "name": "1037632", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037632" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-3248", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T19:21:08.198036Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-09T19:48:41.075Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "WebLogic Server", "vendor": "Oracle", "versions": [ { "status": "affected", "version": "10.3.6.0" }, { "status": "affected", "version": "12.1.3.0" }, { "status": "affected", "version": "12.2.1.0" }, { "status": "affected", "version": "12.2.1.1" } ] } ], "datePublic": "2017-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. 
Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts)." } ], "problemTypes": [ { "descriptions": [ { "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-02T16:06:13", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "44998", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44998/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2017-07" }, { "name": "95465", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95465" }, { "name": "1037632", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037632" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-3248", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebLogic Server", "version": { "version_data": [ { "version_value": "10.3.6.0" }, { "version_value": "12.1.3.0" }, { "version_value": "12.2.1.0" }, { "version_value": "12.2.1.1" } ] } } ] }, "vendor_name": "Oracle" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ] } ] }, "references": { "reference_data": [ { "name": "44998", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44998/" }, { "name": "https://www.tenable.com/security/research/tra-2017-07", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2017-07" }, { "name": "95465", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95465" }, { "name": "1037632", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037632" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "name": "http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-3248", "datePublished": "2017-01-27T22:01:00", "dateReserved": "2016-12-06T00:00:00", "dateUpdated": "2024-10-09T19:48:41.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }</pre> </div> </div> </div> </div> <br /> </div> <script> document.addEventListener("DOMContentLoaded", function() { flatpickr("#weekPicker", { plugins: [new weekSelect()], weekNumbers: true, // Show week numbers in the calendar 